
Thanks
TonyT, HuangLao & GarryRicketson for your replies; most interesting!
@HuangLao: Isn't it
academica, not "academia." I hadn't come across the
wordfence plugin, in spite of its 2+ million downloads.
I'm in the process of overhauling my system and decided to apt-get install wordpress from jessie-backports:
- Code: Select all
# apt-cache policy wordpress
wordpress:
Installed: 4.7.5+dfsg-2~bpo8+1
Candidate: 4.7.5+dfsg-2~bpo8+1
Version table:
*** 4.7.5+dfsg-2~bpo8+1 0
100 ftp://ftp.stratoserver.net/pub/linux/debian/ jessie-backports/main amd64 Packages
100 /var/lib/dpkg/status
4.1+dfsg-1+deb8u14 0
500 ftp://ftp.stratoserver.net/pub/linux/debian/ jessie/main amd64 Packages
500 ftp://ftp.stratoserver.net/pub/linux/debian-security/ jessie/updates/main amd64 Packages
I also decided to keep the default file permissions, which are:
- Code: Select all
# cd /var/lib/wordpress/wp-content/
root@xxxxxxxx:/var/lib/wordpress/wp-content# ls
index.php languages plugins themes uploads
root@xxxxxxxx:/var/lib/wordpress/wp-content# ls -l
total 28
-rw-r--r-- 1 www-data www-data 28 May 17 14:06 index.php
drwxr-xr-x 2 www-data www-data 12288 Aug 15 18:21 languages
drwxr-xr-x 4 www-data www-data 4096 Aug 19 07:07 plugins
drwxr-xr-x 3 www-data www-data 4096 Aug 19 07:07 themes
drwxr-xr-x 3 www-data www-data 4096 Aug 15 18:50 uploads
root@xxxxxxx:/var/lib/wordpress/wp-content# cd plugins
root@xxxxxxxx:/var/lib/wordpress/wp-content/plugins# ls -l
total 8
lrwxrwxrwx 1 root root 47 Aug 15 18:21 akismet -> /usr/share/wordpress/wp-content/plugins/akismet
drwxr-xr-x 2 root root 4096 Jun 23 21:51 call-now-button
lrwxrwxrwx 1 root root 49 Aug 15 18:21 index.php -> /usr/share/wordpress/wp-content/plugins/index.php
drwxr-xr-x 7 root root 4096 Aug 5 00:36 si-contact-form
root@xxxxxxxxx:/var/lib/wordpress/wp-content/plugins# cd ..
root@xxxxxxxx:/var/lib/wordpress/wp-content# cd themes
root@hxxxxxx:/var/lib/wordpress/wp-content/themes# ls -l
total 4
drwxr-xr-x 6 root root 4096 Jan 24 2017 simple-bootstrap
lrwxrwxrwx 1 root root 54 Jun 5 22:53 twentyseventeen -> /usr/share/wordpress/wp-content/themes/twentyseventeen
Well, you can see that, apart from the default theme
twentyseventeen, which, by the way, I'm more than pleased with, I also have another theme named
simple-bootstrap and two plugins, apart from akismet, which is there by default, namely:
call-now-button and
si-contact-form.
The additional theme, I downloaded from within the themes directory with wget and extracted there. I used the same method to enable the plugins.
@GarryRicketson: Regarding security, as can be seen from the above, both themes and plugins work fine when it's done this way without changing any of the default, secure file permissions consequent to the installation from the Debian repository.
it's interesting to read in /usr/share/doc/wordpress$ zcat README.Debian.gz:
#### Default themes and external servers
The themes shipped with Debian packages called wordpress-theme-twenty*
require to be able to download font and style sheets from external
Content Delivery Networks (CDNs) such as googleapis. This may or may
not be a problem but it may leak information about people visiting
your website.
For most people, this is fine. However if it is a problem for you,
choose a theme that doesn't use external resources or try using a
plugin such as disable-google-fonts.
Finally, I also tried to package the simple-bootstrap theme, i.e., make a debian package which I then installed but, unlike extracting the downloaded file directly into the themes directory, it didn't work. But I'll continue with my packaging efforts and if I get stuck I'll have to consult the forums' packaging guy. Who might that be?

"Please accept my resignation. I don’t care to belong to any club that will have me as a member".—Groucho Marx