In our company we decided to use MODX as our primary CMS. In the last few days we had several hacks on various websites which are using other CMS systems. Because I suggested switching to MODX, I need to make sure that none of our future sites will be hacked. I have a few questions about this.
For the first MODX site I used the advanced install, moved the core outside the webroot, and renamed the "manager" and "connectors" folders.
[Question 1]
The first question is regarding file permissions. I know that this depends on server configuration. We use classic PHP 7/Apache on FreeBSD. In the public_html folder only the "assets" and media source folders need to be "open" (775 I think?); the root and all the rest can be more protected (644?).
What about the core? From what I know, only the "cache" and "components" folders should have write rights? All the rest could be read-only, or am I mistaken? Does the core need any special permissions if it's outside the webroot?
[Question 2]
MODX upgrades. I'm trying to figure out what I need to back up in case of a bad upgrade, so I can roll back. IMO only the database? From what I know, MODX upgrades affect only the core files and the manager and connectors folders, and I can assume that the core/components and assets folders are untouched, so I don't need to back them up? Or am I wrong?
[Question 3]
If something goes wrong during an upgrade and the site is down, are the following steps enough?
1. Clear the cache
2. Upload the database backup
3. Copy the core, manager and connectors folders from the previous (working) MODX version, except config files.
[Question 4]
Any other tips on how to protect a MODX installation, or how to create a backup and restore a website as fast as possible? Using Git perhaps?
Thanks for all the answers.
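
An added example, not part of the original post: a POSIX shell check that lists files and directories writable by group or others outside the locations the question names as needing write access (assets, core/cache, core/components, plus any media source directories passed as extra arguments). The function name `audit_modx_perms` and the paths in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. audit_modx_perms is a hypothetical helper name.
# Usage: audit_modx_perms WEBROOT CORE [MEDIA_SOURCE_DIR...]
# Constructed sample call:
#   audit_modx_perms /usr/local/www/public_html /usr/local/www/modx-core
# Prints every file or directory that is writable by group or others and lies
# outside the locations the question names as needing write access.
audit_modx_perms() {
    webroot=${1%/}
    core=${2%/}
    shift 2
    started=
    # Build "-o -path DIR" terms for find. The for-list is expanded before the
    # first iteration, so resetting "$@" inside the loop is safe.
    for dir in "$core/cache" "$core/components" "$@"; do
        [ -n "$started" ] || { set --; started=1; }
        set -- "$@" -o -path "${dir%/}"
    done
    # Prune the allowed-writable trees, then report group/other write bits.
    find "$webroot" "$core" \
        \( -path "$webroot/assets" "$@" \) -prune -o \
        \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print |
        LC_ALL=C sort
}
```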