Anyone know of a way through a combination of PHP & Apache settings to make a shared hosting account secure from a Wordpress install? Basically, I’m worried about Wordpress getting hacked, the hacker uploading whatever files (PHP/perl) they want, and deleting my other sites on my shared-server hosting account.
Let’s say my account, on a shared BSD server, is in this folder:
/usr/www/users/MyAccount
I’ll have non-Wordpress sites here:
/usr/www/users/MyAccount/otherSites/
The Wordpress site here:
/usr/www/users/MyAccount/Wordpress/
But, if a hacker can upload any PHP code, they’ll have access to all my directories.
I could install a separate PHP cgi to solely run the WP site, however that would still be under my ID, and most likely could access the other directories.
Any ideas of combination of PHP & Apache settings (while still under my ID) to secure/separate that Wordpress install?
I’m basically doing this to save $7/month by not having to have 2 hosting accounts, which I currently do have because I’m paranoid about Wordpress getting hacked.