So, in a nutshell wordpress requires certain permissions, and this has changed over time so the online tutorials are contradicting each other.
I'm on centos 6.3 with the latest wordpress.

I ended up doing
chown apache:apache /var/www/html/.htaccess (so it can insert the code for mod_rewrite)

and

chown apache:apache /var/www/html/wp-content/ -R (so it can upload content, pretty useful feature on a CMS

All the other permissions are set to what they were prior, ie chmod 755 /var/www/html/

Question: is this 'bad' or 'insecure' and if so why.
I can't for the love of everything that's good figure out a way to make wordpress behave without the above.

Thank you.

In order to upload files via your content management system, the CMS needs write-access to the directory where the files are to be stored. There's no way around that.

Is it secure? It depends on your CMS. If you're running the latest version of Wordpress then you're probably OK... until the next Wordpress exploit is discovered. If you're not, then a malicious person could use a known exploit to upload their content to your server, or do something else perhaps worse.

Kepp your Wordpress up-to-date.

_________________
sleddog

Many thanks!

to upgrade wordpress, you can use sftp, so you need to set up a user that can sftp in and write to all the wordpress files.

the other way was to have all the wordpress files writeable by apache, but this isn't desirable, so use sftp.