Lately, I have run into some security problems due to vulnerabilities in plugins. For this reason, I want to have a restrictive permission scheme unless I wish to install a plugin or update WordPress.
When WordPress is only running and serving content, that is, it is not being updated and no plugin or theme is being installed, which files & directories need to be writable? Is it only wp-content/uploads and wp-content/cache?