The MU forums have moved to WordPress.org

security issues in subdirectory vs. root install (12 posts)

  1. peacearena
    Member
    Posted 16 years ago #

    I do not have a dedicated server. My host will set up wildcard DNS and is generally quite willing to configure to my needs. But he is adament that WP/WPMU or any "complex" CMS needs to be installed in a subdirectory and not the root, or all kinds of horrible things will happen.

    Is he right or what can I tell him about security precautions within WPMU in a shared environment?

    He nearly hit the roof when I said that I had set permissions on the public html directory to 777 temporarily for the install. I didn't see anything about changing the permissions back but surely this is the case?

    Any help appreciated.

  2. lunabyte
    Member
    Posted 16 years ago #

    MU will not function properly in a subdirectory.

    Yes, chmod the root back to 755 after install.

  3. peacearena
    Member
    Posted 16 years ago #

    Thanks. Besides that, what about security issues?

  4. lunabyte
    Member
    Posted 16 years ago #

    Meaning is there any difference between a root directory and sub directory install in terms of security?

    No. Your "host" is not correct.

  5. peacearena
    Member
    Posted 16 years ago #

    Thanks. I didn't think so, but I'm just barely able to install programs that smart people make, and don't know squat about servers, so really wanted a definitive answer. Why do hosts say stuff like this to their customers. Making their services seem scary surely can't be good for business!

  6. lunabyte
    Member
    Posted 16 years ago #

    To be honest, they probably don't know any better. Which, IMHO, would scare me straight to a major, reputable host.

    Think about their "statement".

    "...any 'complex' CMS needs to be installed in a subdirectory and not the root, or all kinds of horrible things will happen."

    The bad thing is that it isn't exactly a difficult thing to put up a box and call yourself a host these days, or resell someone else's space and say you're a host. With a bare minimum knowledge of things underneath such as Linux, apache, etc.

    Scary, scary world out there.

  7. peacearena
    Member
    Posted 16 years ago #

    Just to be clear, the only direct quote in my paraphrase was "complex". He did go into more technical detail about the so-called dangers, but according to what you're saying, that's a moot point.

    Anyway, I'm reinstalling at root and if he doesn't like it, I will find another host as you suggest.

  8. drmiketemp
    Member
    Posted 16 years ago #

    Actually you can install wpmu into a subdirectory. You're just going to have to do subdirectories off of that. (ie mydomain.tld/wpmu/username)

    Gotta admit though I'd ask your host to point at specific security issues and see what they say.

  9. peacearena
    Member
    Posted 16 years ago #

    Above, lunabyte says, "MU will not function properly in a subdirectory."

    But apparently that means it will not create subdomains with wildcard DNS, but will "function properly" to have multiple blogs in virtual subdirectories, after choosing that option at install.

    I return to my original impression, that this issue is extremely muddy around here, for newcomers, anyway.

    Regardless, I now I have it working on my site's root, and I'm thrilled with it so far, and very grateful to all who work on it.

  10. lunabyte
    Member
    Posted 16 years ago #

    You are trying to install it so that you can have username.domain.tld.

    Therefore, installing in a subdirectory isn't an option.

    If you "wanted" to go the subdirectory method, domain.tld/username, MU could be in a subdirectory "technically", but MU has a tendency to act funny when installed in subdirectory mode.

  11. erdba
    Member
    Posted 16 years ago #

    my solution is:
    update domain, path field on wp_site table are following: domain="www.domain.com/subpath", path="/".

    and everything works fine.

  12. Arlo Gilbert
    Member
    Posted 16 years ago #

    Do you have the detailed instructions for this erdba?

About this Topic

  • Started 16 years ago by peacearena
  • Latest reply from Arlo Gilbert