1

I have a website, built using a multisite WordPress set-up.

I've come across the following advice online:

It is better to enforce a base directory (eg: "/var/www/") to prevent PHP from accessing other directories in the filesystem.

What should I set my path to?

  1. home/mysite/
  2. home/mysite/public_html
  3. home/mysite/public_html/something-else

Edit: For more accurate context, I'm configuring open_basedir via WHM to manage more than one website on a VPS.

Clarus Dignus
  • 3,847
  • 3
  • 31
  • 57
  • Your question differs as you elaborate.... do you want to know **why** or **what**? – naththedeveloper Dec 01 '14 at 14:03
  • what of those is the document_root? – UnskilledFreak Dec 01 '14 at 14:06
  • @ɴᴀᴛʜ The "what" is being asked. The "why" was a typo on my part. Question edited. Thanks for spotting. – Clarus Dignus Dec 01 '14 at 14:06
  • @UnskilledFreak Am I correct to understand "document_root" as "home/"? – Clarus Dignus Dec 01 '14 at 14:07
  • @UnskilledFreak If document_root refers to where www.mysite.com leads to, "home/mysite/public_html" is the answer to your question. – Clarus Dignus Dec 01 '14 at 14:11
  • 1
    yep thats what i mean, thanks. Is your wp installed in this dir? If so, wp automatically read the right dir in multisite mode from that, so your open_base_dir should be your document_root eg. /home/mysite/public_html – UnskilledFreak Dec 01 '14 at 14:20
  • 1
    http://stackoverflow.com/questions/1846882/open-basedir-restriction-in-effect-file-is-not-within-the-allowed-paths – Len_D Dec 01 '14 at 14:25
  • @UnskilledFreak Seeing as how I'm configuring my PHP settings via WHM for a VPS, I've found `Home » Security Center » PHP open_basedir Tweak` which already has the document_root path identified. It allows the enabling and per-site exclusion of the open_basedir protection. Cheers. – Clarus Dignus Dec 01 '14 at 14:42
  • @UnskilledFreak Please add your comment as an answer to allow me to gain closure on this question. – Clarus Dignus Dec 01 '14 at 14:50

1 Answers1

1

DOCUMENT_ROOT should always be open_basedir.

Is your wp installed in this dir? If so, wp automatically read the right dir in multisite mode from that, so your open_base_dir should be your document_root

UnskilledFreak
  • 306
  • 2
  • 13
  • Seeing as how I'm configuring my PHP settings via WHM for a VPS, I've found `Home » Security Center » PHP open_basedir Tweak` which already has the document_root path identified. It allows the enabling and per-site exclusion of the open_basedir protection using. Cheers. – Clarus Dignus Dec 01 '14 at 15:03