Hosting multiple WordPress installations

Question

I'm going to host multiple WordPress-installations on my dedicated LAMP-server (Ubuntu). All installations will be under folder /var/www/wordpress/.

For example, if I have two customers:

CUSTOMER NAME - WORDPRESS PATH

customer1 - /var/www/wordpress/customer1/

customer2 - /var/www/wordpress/customer2/

Customers will get only access to WordPress control panel but I'm wondering of security because there is for example possibility to run PHP-scripts.

How can I limit customer1 access to only folder /var/www/wordpress/customer1 and disable internal scripts and other security problems? Should I allow only some file extensions via .htaccess? How should I change each folder's permissions?

Thank you very much for answers!

Answer 1

You are looking for chroot jails

The chroot system call changes the root directory of the current and all child processes to the given path, and this is nearly always some restricted subdirectory below the real root of the filesystem. This new path is seen entirely as "/" by the process, and we refer to this restricted environment as the "jail". It's not possible to escape this jail except in very limited circumstances.

This could allow you to jail your users to a particular directory while still being able to serve their home folder with apache using virtual hosts.

This practice is often used in shared hosting.