restricts ownership changes to files still owned by root (e.g., from the image build). On subsequent restarts, files already owned by www-data are skipped entirely, avoiding a full recursive write cycle.

Added ignores for .env, *.log, .DS_Store, Thumbs.db, and common editor/IDE files
chown entire wp-content to ensure correct permissions
2026-06-02 16:24:48 +01:00 · 2026-06-02 16:23:11 +01:00 · 2026-06-02 16:11:39 +01:00 · 2026-05-26 17:10:01 +00:00 · 2026-05-26 17:05:24 +01:00 · 2026-05-26 14:08:49 +00:00
5 changed files with 42 additions and 14 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,22 @@
 # direnv
 /.envrc
 # Environment files (may contain secrets)
 .env
 # Logs
 *.log
 # OS metadata
 .DS_Store
 Thumbs.db
 # Editor/IDE
 *.swp
 *.swo
 *~
 *.bak
 .idea/
 .vscode/
 .project
 .classpath
--- a/abra.sh
+++ b/abra.sh
@ -1,5 +1,5 @@
 export PHP_UPLOADS_CONF_VERSION=v4
-export ENTRYPOINT_CONF_VERSION=v7
+export ENTRYPOINT_CONF_VERSION=v8
 export ENTRYPOINT_MAILRELAY_CONF_VERSION=v2
 export MSMTP_CONF_VERSION=v4
 export HTACCESS_CONF_VERSION=v3
@ -42,11 +42,11 @@ core_install(){
 }
 enable_auto_updates(){
-  wp plugin deactivate disable-update-notifications --allow-root
+  wp "plugin deactivate disable-update-notifications --allow-root"
-  wp plugin uninstall disable-update-notifications --allow-root
+  wp "plugin uninstall disable-update-notifications --allow-root"
-  wp option delete disable_notification_setting --allow-root
+  wp "option delete disable_notification_setting --allow-root"
-  wp plugin auto-updates enable --all --allow-root
+  wp "plugin auto-updates enable --all --allow-root"
-  wp theme auto-updates enable --all --allow-root
+  wp "theme auto-updates enable --all --allow-root"
 }
 disable_auto_updates(){
--- a/compose.yml
+++ b/compose.yml
@ -62,7 +62,7 @@ services:
        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.replacement=https://${DOMAIN}/$${2}"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.permanent=true"
        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT}"
-        - "coop-cloud.${STACK_NAME}.version=2.19.1+6.9.4"
+        - "coop-cloud.${STACK_NAME}.version=2.19.2+6.9.4"
  db:
    image: "mariadb:12.2"
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@ -42,6 +42,20 @@ define('FORCE_SSL_ADMIN', true );
 define('COOKIE_DOMAIN', \$_SERVER['HTTP_HOST']);"
 {{ end }}
 UPLOADS_HTACCESS=/var/www/html/wp-content/uploads/.htaccess
 if [ ! -f "$UPLOADS_HTACCESS" ]; then
    mkdir -p /var/www/html/wp-content/uploads
    cat > "$UPLOADS_HTACCESS" <<'EOF'
 # Prevent PHP execution in uploads directory
 <FilesMatch "\.(?i:php|phtml|phar)$">
    Require all denied
 </FilesMatch>
 EOF
 fi
 chown -R --from=root:root www-data:www-data /var/www/html/wp-content/
 if [ -n "$@" ]; then
 	"$@"
 fi
--- a/htaccess.tmpl
+++ b/htaccess.tmpl
@ -3,13 +3,6 @@
    Require all denied
 </FilesMatch>
 # Prevent PHP execution in uploads directory
 <Directory /var/www/html/wp-content/uploads>
    <FilesMatch "\.(?i:php|phtml|phar)$">
        Require all denied
    </FilesMatch>
 </Directory>
 {{ if eq (env "MULTISITE") "" -}}
 # BEGIN WordPress
Author	SHA1	Message	Date
kawaiipunk	cf54575187	restricts ownership changes to files still owned by root (e.g., from the image build). On subsequent restarts, files already owned by www-data are skipped entirely, avoiding a full recursive write cycle.	2026-06-02 16:24:48 +01:00
kawaiipunk	b4db12f09c	Added ignores for .env, *.log, .DS_Store, Thumbs.db, and common editor/IDE files	2026-06-02 16:23:11 +01:00
kawaiipunk	e4b87c8ab9	chown entire wp-content to ensure correct permissions	2026-06-02 16:11:39 +01:00
moritz	7e170adbb4	Merge pull request 'Added xtra chown to ensure correct perms on every container start' (#57 ) from kawaiipunk/wordpress:main into main Reviewed-on: coop-cloud/wordpress#57	2026-05-26 17:10:01 +00:00
kawaiipunk	66e0687456	Removed redundant chown	2026-05-26 17:05:24 +01:00
KawaiiPunk	9209f007cb	revert `69cf451b98` revert Merge pull request 'chore(deps): update wordpress docker tag to v7' (#55) from renovate/wordpress-7.x into main Reviewed-on: coop-cloud/wordpress#55 Sorry this was done by mistake!	2026-05-26 14:08:49 +00:00
KawaiiPunk	69cf451b98	Merge pull request 'chore(deps): update wordpress docker tag to v7' (#55 ) from renovate/wordpress-7.x into main Reviewed-on: coop-cloud/wordpress#55	2026-05-26 13:59:35 +00:00
kawaiipunk	73a2e98d2e	Added xtra chown to ensure correct perms on every container start	2026-05-26 14:10:22 +01:00
Renovate Bot	0e229168fc	chore(deps): update wordpress docker tag to v7	2026-05-22 00:34:30 +00:00
Moritz	332ab0b97d	chore: publish 2.19.2+6.9.4 release	2026-04-28 02:25:26 +02:00
Moritz	3b598e82dd	harden htaccess	2026-04-28 01:57:52 +02:00
Moritz	8e81f3f81c	selfmanaged wordpress	2026-04-28 01:54:50 +02:00