Installed Wordpress on VPS. Did I compromise security doing it like this?

I’ve been trying to install wordpress on my VPS and have been running into weird permission and permalink issues. I have everything working now (thanks to the sticky), but did I compromise anything by using this process?

  1. Did a basic LAMP install (running Debian x86).
  2. Set IP-based virtual host for multiple sites in “etc/apache2/sites-available/default/”. (I am using multiple IP’s)
  3. Installed wordpress in DocumentRoot and added .htaccess in there as well.
  4. “chown -R www-data:www-data /var/www/wordpress_site/”
  5. created rewrite.load in “/etc/apache2/mods-enabled/” and added the line “LoadModule rewrite_module /usr/lib/apache2/modules/”

I have limited resources on the server, so would there be a difference in the following?

A: Single wordpress install in “/usr/share/wordpress/” and creating a symlink to the DocumentRoot of all the sites I would want wordpress on.

B: Putting the contents of the wordpress install in each DocumentRoot of the sites I want wordpress on.

I have done the latter at the moment and am concerned if anything is a security risk as I’ve messed with permissions and put my install in the DocumentRoot.

Here’s a link to my virtual host file:

With regards to 2, I would not chown the complete directory to www-data, just the parts where Apache need to be able to write data (file uploads, cache, etc).

As for the rest of your question, it sounds like you’re looking to set up WordPress MultiSite. Have a look at that page and see if that helps you :slight_smile: