WordPress.org

chmod for wp-config.php (4 posts)

  1. shinokada
    Member
    Posted 5 years ago #

    I just got a notice from my host telling me that wp-config.php is readable and changed username and password of the mysql.
    (I attached some of the text below)

    What is the best chmod for wp-config.php?

    +++++++++++++++++++++++++
    During a routine review of security issues on our customers' webhotels on our web servers, we have found that you have set the file permissions to the configuration file

    /home/1/o/mywebsite/www/blog/wp-config.php

    in a way that makes the file readable for all. This file contains the
    username and password of the mysql database of your webhotel. Configuration files that contain username and password should for security reasons not be readable for others.
    +++++++++++++++++++++++++++

  2. mick.crane
    Member
    Posted 5 years ago #

    gosh so it is, maybe that is not so good! chmod 640 I guess

  3. kjetilgf
    Member
    Posted 5 years ago #

    640
    Nothing else.
    THIS ABSOLUTELY SHOULD BE EMPHASIZED IN THE INSTALL/UPGRADE INSTRUCTIONS
    If your wp-config file has been readable to others/everyone/public/anyone (whatever your ftp program says) you should change the password of your database and edit your wp-config file accordingly - and set its permissions to 640
    Consult your host about changing the database password if you need.
    Kjetil
    - dolcevita.no - which recently was hacked...

  4. kjetilgf
    Member
    Posted 5 years ago #

    I have to adjust this a bit. What I wrote above counts for WP installs running on a web hotel based on Linux. For e.g. Windows servers, or if you run your own web server, the permissions should be set in some other way - which I don't know.
    Kj
    - Not hacked again, maybe also thanks to the AskApache Password Protect plugin - also here
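
An added example, not part of any post in this thread: a shell audit for a Linux host that finds every wp-config.php under a directory, reports the ones on which "others" hold any permission bit, and optionally tightens them to the 640 recommended in the replies. The function names are hypothetical, and it assumes the web server reads the file as its owner or as a member of its group, so that 640 does not break the site.

```shell
#!/bin/sh
# Added example: audit wp-config.php permissions on a Linux host.
# Function names are hypothetical; nothing here comes from WordPress itself.

# Print the octal mode of a file, e.g. 644 (GNU stat, with a BSD fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Exit 0 if "others" hold any permission bit on the file, 1 if not.
world_accessible() {
    mode=$(file_mode "$1") || return 2
    others=${mode#"${mode%?}"}    # last octal digit = permissions for "others"
    [ "$others" -ne 0 ]
}

# Walk a tree and print one "EXPOSED <mode> <path>" line for every
# wp-config.php that others can access. With "fix" as the second argument,
# also set the file to 640 (owner read/write, group read, others nothing).
audit_wp_config() {
    root=$1
    action=${2:-report}
    find "$root" -type f -name wp-config.php | while IFS= read -r f; do
        if world_accessible "$f"; then
            echo "EXPOSED $(file_mode "$f") $f"
            if [ "$action" = fix ]; then
                chmod 640 "$f" && echo "FIXED 640 $f"
            fi
        fi
    done
}

# Stand-alone use: ./audit.sh <web root> [fix]
if [ $# -gt 0 ]; then
    audit_wp_config "$@"
fi
```

Tightening the mode does not undo an exposure that already happened, which is why the replies above also say to change the database password.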

This topic has been closed to new replies.