Read-Only File Configuration
Recently, we added a new configuration option for all the sites we host that allows us to temporarily prevent edits to customer sites when our support team needs to dive in to troubleshoot important issues and get sites back up and running. It’s called the “read-only file system.”
If you peek into your wp-config.php file and see:
"readonly_filesystem" => true
then this setting is on. Your site will be unable to write PHP files to disk, even when a user is authenticated with WordPress.
Since this setting locks down edits, it’s something we would only use temporarily, when completely necessary, and when we have communicated directly with the developer and/or site owner. Constant communication will be the first priority with this setting because plugins and themes may not work when this is activated.
Of course, during these situations, our support team will only temporarily activate the setting, and once the support issue has been resolved, we’ll set this to false and normal site functionality will resume.
When this is activated, you can still use any non-web mechanism to update the filesystem, including SFTP and git-push. Activating this setting is also helpful for folks using git-push-to-deploy, because if you’re using git, you don’t want to edit files directly, but instead via git-push.
When this is activated, users can still create and edit posts as well as media files. Only the ability to modify PHP files is constrained, to either SFTP or git. If you’d like, you can specifically request that our support staff turn on the read-only filesystem configuration for your site. Customers who want to be able to modify files only via SFTP and git can request this, and our support team will activate it for you.
Is this a viable new way of hardening a WordPress site on a day-to-day basis?