#!/bin/bash

# --- Interactive Input ---
read -rp "Enter the full path to your WordPress installation (e.g., /var/www/html/wordpress): " WP_PATH
read -rp "Enter the web server user (e.g., www-data or apache): " WEB_USER
read -rp "Enter the web server group (e.g., www-data or apache): " GROUP

# --- Validation ---
if [ ! -d "$WP_PATH" ]; then
  echo "❌ Error: The path '$WP_PATH' does not exist or is not a directory."
  exit 1
fi

echo "Starting security setup for WordPress..."
echo "✔ Path  : $WP_PATH"
echo "✔ User  : $WEB_USER"
echo "✔ Group : $GROUP"

# 1. Set ownership
echo "🔧 Setting ownership to $GROUP:$GROUP..."
chown -R "$GROUP":"$GROUP" "$WP_PATH"

# 2. Set directory permissions to 755
echo "🔧 Setting directory permissions to 755..."
find "$WP_PATH" -type d -exec chmod 755 {} \;

# 3. Set file permissions to 644
echo "🔧 Setting file permissions to 644..."
find "$WP_PATH" -type f -exec chmod 644 {} \;

# 4. Secure wp-config.php
WPCONFIG="$WP_PATH/wp-config.php"
if [ -f "$WPCONFIG" ]; then
  echo "🔐 Securing wp-config.php with 640 permissions..."
  chmod 640 "$WPCONFIG"
else
  echo "⚠️ Warning: wp-config.php not found."
fi

## 5. Disable file editing in wp-admin
#if [ -f "$WPCONFIG" ]; then
#  if ! grep -q "DISALLOW_FILE_EDIT" "$WPCONFIG"; then
#    echo "🚫 Disabling file editing via wp-admin..."
#    echo "define('DISALLOW_FILE_EDIT', true);" >> "$WPCONFIG"
#  fi
#fi

# 5. Set correct permissions on wp-content/uploads folder
echo "🔧 Setting uploads directory ownership..."
##chmod 775 "$WP_PATH/wp-content/uploads" 
##find "$WP_PATH/wp-content/uploads" -type d -exec chmod 775 {} \;
chown -R "$WEB_USER":"$GROUP" "$WP_PATH/wp-content/uploads"
chmod 775 "$WP_PATH/wp-content/uploads/2025"

# 6. Set correct SELinux context to allow upload
echo "🔧 Setting correct SELinux context to allow upload..."
chcon -t httpd_sys_rw_content_t "$WP_PATH/wp-content/uploads" -R


echo "✅ WordPress permissions and security settings applied successfully."