makemysql: automatically update db password in wordpress #103
Comments
|
One must take into account security considerations too. Specifically, last time I checked, wp-cli operates by evaluating the Wordpress PHP code, which is dangerous if the Wordpress files have been compromised. We do not want |
|
Good point. If the site is compromised, it is already able to run malicious code, so we just have to make sure that |
|
Still, though, I think people expect |
|
I don't see it as a change in security model at all. There are two cases:
|
|
Still, I suppose there could, at least in principle, be an issue with I would suggest putting the wp-cli stuff behind a command line option, or at least having an option to skip it. |
|
Hi! Me and snarain worked on a small commit to the initial makemysql script that creates a db pass and assigns it to a temp file that the makemysql-real python script reads. We cant run the modified python script due to privileges but can someone could look at our commit on? |
|
Thanks for working on this! nvmd, I'm wrong about this, can a root staffer please test this? I'll be out of town for the next week and don't expect to have the time to test this. |
|
Done in #129, although we may want to polish some ends (like not failing when there's no wp installation) |
If a user has a Wordpress website set up and resets their database password, the site becomes completely unusable (even to go into settings and change it). Fixing it requires SSHing in and changing the password in the configuration file.
Luckily, we can automate this with wpcli. The
makemysqlscript should also cd into thepublic_htmlfolder and runwp config set DB_PASSWORD newpasswordgoeshere. It's OK if the command fails since that just means the user doesn't have a Wordpress site.The text was updated successfully, but these errors were encountered: