Jovan Perovic

Reputation: 20193

Hosting WP app on server which already has Symfony2 app

I wrote an app for my customer in Symfony2 and we went public with that. However, I am learning right now that he had a separate WordPress app on the previous server to manage some separate product.

Now, he asks that we transfer that WP app to a new server. With security in mind, I cannot help but feel nervous about the potential impact here. I am to have the following URL setup:

What are my options here? I can think of some, but any suggestion would be helpful.

  1. Buy separate shared hosting and put WP there. Then do redirection from our website.

  2. My VPS server runs nginx and php-fpm. Can I utilize separate pools which would run under different users? I would need to review access privileges to Symfony's files.

In any case, I would allocate a separate MySQL user and database. Those would be enforced by strict privileges which prohibit access to my primary database.

Can you guys think of anything else?

My primary goal is: If WP is vulnerable, let it be. Under no circumstances would I allow it to compromise my Symfony2 app. I am primarily concerned about configuration files (app/config/*.yml) which contain sensitive data.

Upvotes: 0

Views: 88

Answers (2)

l.renkema

Reputation: 2622

One way is to run Symfony under a different php-fpm user than the WP website and make sure the file/directory rights are set correctly. Then a WP exploit cannot write/read to the Symfony files, depending on the directory/file rights.

A better way is to use the PHP config option open_basedir and isolate the two sites into their own "jails"; this way PHP prevents including/reading files from other websites. See http://php.net/manual/en/ini.core.php#ini.open-basedir for more information.

For this to work, the code should be separated into different directories; you can use nginx aliases or virtual hosts to point the domain name to the correct directory.

Upvotes: 1
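A check for the setup this answer describes, added here as an example and not part of the original answer: it parses two php-fpm pool definitions and reports when they share a Unix user, leave open_basedir unset, or list overlapping open_basedir directories. The pool names, users and paths are constructed assumptions, and `parse_pools`, `overlaps` and `isolation_findings` are hypothetical helper names.

```python
import os

# Constructed php-fpm pool definitions; pool names, users and paths are assumptions.
POOLS = """
[symfony]
user = symfony
listen = /run/php/symfony.sock
php_admin_value[open_basedir] = /srv/symfony:/tmp/symfony

[wordpress]
user = wp
listen = /run/php/wordpress.sock
php_admin_value[open_basedir] = /srv/wordpress:/tmp/wordpress
"""

def parse_pools(text):
    """Parse php-fpm pool sections into {pool: {directive: value}}."""
    pools, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if line.startswith("[") and line.endswith("]"):
            current = pools.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return pools

def overlaps(a, b):
    """True if the two absolute paths are equal or one contains the other."""
    a, b = os.path.normpath(a), os.path.normpath(b)
    return os.path.commonpath([a, b]) in (a, b)

def isolation_findings(pools, first, second):
    """List the ways the two pools fail to be isolated from each other."""
    findings, dirs = [], {}
    if pools[first].get("user") == pools[second].get("user"):
        findings.append("pools share a Unix user")
    for name in (first, second):
        # php_admin_value cannot be overridden by ini_set() in application code
        value = pools[name].get("php_admin_value[open_basedir]")
        if value is None:
            findings.append(f"{name}: open_basedir not set via php_admin_value")
        dirs[name] = value.split(":") if value else []
    for a in dirs[first]:
        for b in dirs[second]:
            if overlaps(a, b):
                findings.append(f"open_basedir overlap: {a} and {b}")
    return findings

if __name__ == "__main__":
    print(isolation_findings(parse_pools(POOLS), "symfony", "wordpress"))
```

An empty list means the two pools pass these three checks; file ownership and modes on the Symfony directory still have to be reviewed separately.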

Motolola

Reputation: 368

I would recommend that you use something like a sub-domain, e.g. wp.symfony.com.

They may still be hosted on the same server, but using different virtual host directories. With that, the apps will never see each other.

Upvotes: 1
