WordPress.org

Ready to get started?Download WordPress

Forums

chmod 777 (6 posts)

  1. Alexandru Vornicescu
    Member
    Posted 1 year ago #

    If my all site directory and files are using 777 access permissions how can this harm my site?
    They (hackers) don't have access to my password, root access password via shh, how hackers can upload a file, change or edit in the site directory?

  2. ClaytonJames
    Member
    Posted 1 year ago #

    Because the files and directories are "world writable". That means anybody that can gain access to them can do pretty much whatever they want. Threats aren't limited to someone simply having your password.

  3. Alexandru Vornicescu
    Member
    Posted 1 year ago #

    can you show me how? or can you write what steps do hackers do to gain the access to the files, edit them... etc...?

  4. ClaytonJames
    Member
    Posted 1 year ago #

    You're making me smile this morning. :-)

    If what you are concerned with is your own WordPress site security, this is a great place to start: http://codex.wordpress.org/Hardening_WordPress

    If you are already managing your own server and need to ask these questions here, you may want to seek out some information on basic server configuration and security issues.

    If you are operating a WordPress website(s) in a shared hosting environment, then you should have a conversation with your hosts support group about safe/allowed file and directory permissions for their environment. Incorrectly configured permissions in shared environments are likely to be at pretty high risk for compromise.

    Spend a few minutes with Google, and you will find an unlimited wealth of information and opinion on server security issues, best practices, and the pros and cons of different permissions schemes that apply not only to WordPress, but to any web based application.

  5. Alexandru Vornicescu
    Member
    Posted 1 year ago #

    Thanks for your answer!
    I searched in Google for chmod 777 and I after reading some articles you can realize that setting such permission to whole var/www directory will make your site hacked the same day! :D
    It this very funny for people that does not realize what a real security risk is... like using a timthumb old script, or a old theme like canvas.

    Or I'm not right?

  6. ClaytonJames
    Member
    Posted 1 year ago #

    It's certainly possible. Often times, your host will have the best suggestion for what your file and folder permissions should be, but like you say.. you should also be careful to make sure that plugins and themes come from safe and reliable sources, and that you are always using the newest versions. Keeping updated is very important.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags