I don't understand why these file permissions instructions for WordPress are not listed somewhere on the 5 minute install page! One can not use images until the right chmod's are done... http://codex.wordpress.org/Changing_File_Permissions
One click updates: http://codex.wordpress.org/Updating_WordPress
- "file ownership: all of your WordPress files must be owned by the user under which your web server executes. In other words, the owner of your WordPress files must match the user under which your web server executes."
Folders are supposed to be owned by the user that apache2 runs under?
- get user: ps aux | egrep '(apache|httpd)'
REM: Some features are WordPress.com only - http://en.support.wordpress.com/com-vs-org/
Menu item without link - 1. put in # in URL. 2. edit to remove the #.
Roundabout way to disable comments on "all" posts - dashboard - settings - discussion - Automatically close comments on articles older than days
Salts and keys must be changed after a password has been compromised, apparently people can log in with cookies almost indefinitely even when the password has changed. Also, over the years, new salts and keys have been added to WP, but there is no (obvious to me) warning or suggestion to add them to the wp_config.php. See https://www.wpwhitesecurity.com/wordpress-tutorial/wordpress-security-keys/
Themes can be executed even if they are not enabled. They are a security issue.