WordPress.org

1. hayhehes
   Member
   Posted 5 years ago #

   Okay I have read a lot of the past threads about permissions and the uploads folder. Basically the way I understand it is no uploads situation done over the web can ever be 100 percent secure because the system has to be given write permission. Fine. But from past responses it seems like people agree the BEST way to go about it is to do the following:
   1) Give uploads 777 permissions
   2) Upload a photo
   3) change the uploads directory back to 755 so that it is not world-writeable

   Okay... I am with you guys up until this point. It all makes sense. Except that now I have subfolders called 2007/05 that are both world-writeable (because their parent directory was uploads when ITSELF was world-writeable). So my question is: What is the point in even changing the uploads folder back to 755 when I have these two subfolders that are 777 and whose permissions I am not allowed to change. Isn't that just as bad? Any info would be greatly appreciated!

2. hayhehes
   Member
   Posted 5 years ago #

   By the way I just tried telling wordpress NOT to make subfolders thinking that might be the problem. Here is what happened:

   1) Changed uploads folder to 777
   2) Uploaded a file, success
   3) Checked on server, .jpg file is directly within the uploads directory
   3) Changed uploads folder to 755
   4) Tried to upload a second file, failed:

   "The uploaded file could not be moved, Warning: Cannot modify header information - headers already sent..."

   So I guess the 755 thing doesn't even work at all eh?

Topic Closed

This topic has been closed to new replies.