Secure WordPress multi-site
I described the installation of multi-site WordPress here with nginx webserver and php-fpm processes both running as user www-data. According to WordPress, the webserver should have read access to all data and only the WordPress user should have write access. The concept of a WordPress user relates to hosted environments. So how to implement these requirements on your own VPS? First of all, php-fpm supports the concept of pools. Each pool can run with an unique user, separate from the webserver user. So each site should run in a separate pool. This results in the following accounts: webserver: www-data user (default for nginx on debian) site 1:Read More →