ocf / utils

User and staff utilities for the Open Computing Facility
https://www.ocf.berkeley.edu/

makemysql: automatically update db password in wordpress #103

Open dkess opened 5 years ago

dkess commented 5 years ago

If a user has a Wordpress website set up and resets their database password, the site becomes completely unusable (even to go into settings and change it). Fixing it requires SSHing in and changing the password in the configuration file.

Luckily, we can automate this with wpcli. The makemysql script should also cd into the public_html folder and run `wp config set DB_PASSWORD newpasswordgoeshere`. It's OK if the command fails since that just means the user doesn't have a Wordpress site.

kpengboy commented 5 years ago

One must take into account security considerations too. Specifically, last time I checked, wp-cli operates by evaluating the Wordpress PHP code, which is dangerous if the Wordpress files have been compromised. We do not want makemysql to accidentally run malicious code.

dkess commented 5 years ago

Good point. If the site is compromised, it is already able to run malicious code, so we just have to make sure that wpcli is run with the same permissions as the user.

kpengboy commented 5 years ago

Still, though, I think people expect makemysql to be a "safe" command. Allowing it to execute arbitrary code, even as the same user, would still be a major change in the security model of this script.

dkess commented 5 years ago

I don't see it as a change in security model at all. There are two cases:

kpengboy commented 5 years ago

Still, I suppose there could, at least in principle, be an issue with makemysql triggering the execution of malicious code that could, for instance, detect when the database password is being changed through wp-cli and email the new password off to the attacker. Or something.

I would suggest putting the wp-cli stuff behind a command line option, or at least having an option to skip it.
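As an added illustration of the two points raised in this thread (the `wp config set DB_PASSWORD` step proposed earlier, and the suggestion of an option to skip the wp-cli step), here is a small POSIX shell function that is not part of ocf/utils and not the script under discussion. The function name `wp_update_db_password`, the `WP_CLI` variable used to locate (or stub) the wp-cli binary, and the third "skip" argument are all assumptions made for this example; `wp config set` and the global `--path` option are real wp-cli features.

```shell
#!/bin/sh
# Hypothetical helper (example code, not the ocf/utils makemysql script).
# Updates DB_PASSWORD in a user's WordPress install via wp-cli, with an
# explicit opt-out, and treats "no WordPress install" as success.

# Binary used to invoke wp-cli. Overridable so callers (or tests) can point
# it at a stub instead of the real tool.
: "${WP_CLI:=wp}"

# wp_update_db_password HOME_DIR NEW_PASSWORD [SKIP]
#   HOME_DIR     the account's home directory; WordPress is expected under
#                HOME_DIR/public_html
#   NEW_PASSWORD the freshly generated database password
#   SKIP         "yes" to skip the wp-cli step entirely (the opt-out
#                suggested in the thread); anything else runs it
# Exit status: 0 when there is nothing to do or the update succeeded,
#              2 when wp-cli is not installed, otherwise wp-cli's own status.
wp_update_db_password() {
    home_dir=$1
    new_password=$2
    skip=${3:-no}
    wp_path="$home_dir/public_html"

    if [ "$skip" = "yes" ]; then
        echo "wp-cli step skipped by request; update wp-config.php yourself" >&2
        return 0
    fi

    # No wp-config.php means no WordPress site: nothing to update, not an error.
    if [ ! -f "$wp_path/wp-config.php" ]; then
        echo "no WordPress install in $wp_path; nothing to update" >&2
        return 0
    fi

    if ! command -v "$WP_CLI" >/dev/null 2>&1; then
        echo "wp-cli ($WP_CLI) not found; update DB_PASSWORD in wp-config.php manually" >&2
        return 2
    fi

    # --path pins wp-cli to this install instead of letting it search upward.
    # wp-cli may still evaluate PHP that the site owner controls, which is the
    # concern raised in the thread; this is why the step must run only with
    # the user's own privileges and why the SKIP opt-out exists.
    "$WP_CLI" config set DB_PASSWORD "$new_password" --path="$wp_path"
}
```

Two practical caveats: `wp config set` takes the value as a command-line argument, so the new password is briefly visible in the process list to other local users, exactly as with the one-liner proposed above; and a non-zero return from the function should be reported to the user rather than aborting the whole password reset, since the database password has already been changed by that point.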

gundralaa commented 5 years ago

Hi! Me and snarain worked on a small commit to the initial makemysql script that creates a db pass and assigns it to a temp file that the makemysql-real python script reads. We can't run the modified python script due to privileges, but could someone look at our commit on https://github.com/ocf/utils/tree/wp-automatic-db-pass?

dkess commented 5 years ago

Thanks for working on this! ~You should still be able to test the script locally by installing Wordpress on your personal OCF account and running the script from your home directory.~

nvmd, I'm wrong about this, can a root staffer please test this? I'll be out of town for the next week and don't expect to have the time to test this.

cg505 commented 4 years ago

Done in #129, although we may want to polish some ends (like not failing when there's no wp installation)