This is a total rewrite of my original notes on wordpress folder permissions, I still consider the folder permissions discussed with the earlier article relevant, and a good starting point. This article will discuss reconfiguring apache to use mod fast cgi. This eliminates the problem of wordpress folder permissions and also improves server performance.
Assuming you are running your own server, and have the ability to reconfigure apache. We are going to change the default behavior of apache. Instead of having your web requests handled by the default user www-data or apache, we can have it spawn a process to handle requests for that domain with the credentials of a specific user, this is espically useful if you host multiple domain. This greatly improves security, and also enables you to set specific configurations on a per domain basis, without having to do site wide changes.
The overall picture is that apache will spawn servers to handle incoming requests. Those requests are then handed over to children cgi processes that run under different user ids.
I’m not going to write my own details and directions as there are many websites out there that detail this, however please check the notes section below. One good reference would be Brandon Turner’s link below
http://www.brandonturner.net/blog/2009/07/fastcgi_with_php_opcode_cache/
Notes:
I found the following script to work best with my current needs and setup for the fcgi:
#!/bin/sh PHPRC=/etc/php5/cgi/ export PHPRC PHP_FCGI_MAX_REQUESTS=5000 export PHP_FCGI_MAX_REQUESTS umask 0022 exec /usr/lib/cgi-bin/php -d apc.shm_size=15
Please only have one manager manage the process. In my case I have in my apache.conf file MaxRequestsPerChild=5000
Apache will kill off the php children as it hits that limit. You don’t want your fcgi to spawn any extra process, by including PHP_FCGI_CHILDREN=n
You will end up with apache killing off one of the fcgi parents, leaving a whole bunch of orphaned children eating up the system resources.
Results
The data really speaks for itself. I’m glad I made the switch, see my memory results below. I did not include total memory as that is not relevant to this post. The dead portion in the middle was my fault, I had failed to realize that I needed to change the security settings on the the cacti folder since I switched to fcgi to handle web requests. Once I changed the folder ownership.
cacti memory stats
Conclusion
Definitely worth the time in setting up. It is not a simple task, but the results are rewarding. I hope you’ve find this post useful and can use it with your site.