Comment 4 for bug 614195

Adam Conrad (adconrad) wrote :

Giving the web server (under www-data or any other user) complete write access to Wordpress is not a good idea, regardless. The installation docs even go in depth to tell you how to temporarily make the config file writeable (say, chmod 666 config.php) so you can run the config script, then tell you to undo that afterward.

Why do you think having write access to your scripts is a reasonable and "correct" setup that we should be shipping out of the box?

(Yes, sometimes you want an upload directory, tmp-style, for certain CMSes, again, you can chmod just those directories, no need to have your entire web root writable by a web server)