Security considerations when migrating development sites to production sites

The server configuration and necessary permissions between your development server and production server may be completely different. Unless the production server is a completely dedicated environment, don't assume that what was safe on your development server will also be safe on the production server.

Take the time to revisit all the pages in this security section (particularly file permissions) with the context specific to your production server. In particular, pay attention to your writable file system permissions for /site/assets/, /site/modules/ and everything in them, as well as your /site/config.php file. You may need to make a recursive change to all files in that directory after migrating to production. For instance, if your production server has Apache running as your account, and your development server didn't, then you should lock down the permissions consistent with what the server supports.

You might also find it worthwhile to install a test copy of ProcessWire on your production server before migrating your site to it. The installer can identify many potential issues ahead of time, saving you the hassle of figuring things out during migration. Remember to delete the test installation afterwards.

Comments

No comments yet. Be the first to post!

Post a Comment

Your e-mail is kept confidential and not included with your comment. Website is optional.