So, I have been reading about this for a long time and there's never a conclusive answer to be found anywhere.
I have a Centos 6 LAMP web server which mostly hosts websites created by yours truly and the occasional website created by someone else.
Which is the most secure way to configure Wordpress folders ownership AND keep all the automatic features (updating, uploading and so on) without the need to insert ftp or sftp credentials each time?
Aside from permissions (which I always set to 755 for folder, 644 for files and 600 for special files, as suggested everywhere), there's a lot of different ideas about ownership.
Somebody says apache should be the owner of the whole folder. Somebody says that the owner should be your server user (root for instance, or a dedicated user) and never apache.
But if the owner is not apache, you have to use your ftp credentials to upload, update and so on.
So is there a way to actually have it all? What's the safest and smartest way to configure ownership for Wordpress?