Chmod wp-config (4 posts)

  1. snakerboy
    Member
    Posted 9 years ago #

    I'm concerned that someone is messing around with my wp-config file. I currently have this set to 666. In terms of security, how safe is this? Could others possibly get the contents of it?
    Any help or advice would be great.

  2. Mark (podz)
    Support Maven
    Posted 9 years ago #

    PHP is executed by the server, not the browser.
    PHP itself isn't seen in a browser, just the results.
    Unless someone has ftp access to your site, that file is perfectly fine.
    Why do you think that something is happening?

  3. snakerboy
    Member
    Posted 9 years ago #

    Because a while ago I got defaced. I put this down to an old copy of phpBB that we had installed; it had a gallery upload, it's very old and I thought there might have been an issue. To be honest, that's fair enough, we should have got rid of it.
    But I just got back to my blog and it's been defaced again. I've rotated all my passwords again. And it's not the main site either, it's just my directory, which since the last attack I've moved away from the rest of the site.
    I was wondering if the config file could be pulled from another server running PHP, a remote include style thing? Hence why I asked about 666; I thought perhaps they might be pulling the content into a script.
    I've also removed some of the upload.php and some of the other stuff that I'm not using, such as the import scripts, just to be on the safe side.
    Cheers for your help

  4. error
    Member
    Posted 9 years ago #

    On a hosted site, 666 is not the way to go. Sure it'll make everything work, but it will also let any other customer on the platform have full access to your files.
    Talk to your hosting provider about arranging for only you and the server process to have access to your files. On my system, this is done by changing the group to 'apache' (the server process) and making the files 660. You can do this at a hosted provider, too, but the hosting company has to change the group for you.
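
An added example, not part of the original thread: a shell check for the exposure the last reply describes, classifying a config file by its "other" permission bits and showing the move from 666 to 660. The temporary file stands in for wp-config.php and is constructed for the demo; the function names are made up here, and the `apache` group is the one named in the reply and differs between systems.

```shell
#!/bin/sh
# Added example: audit a wp-config.php-style file for access by other local users.

# Print the octal mode of a file (e.g. 666); GNU stat first, BSD stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Classify a file by the last octal digit of its mode (permissions for "other").
# Prints one of: world-writable, world-readable, restricted
audit_config() {
    mode=$(file_mode "$1") || return 2
    other=${mode#"${mode%?}"}        # keep only the final digit
    if [ $((other & 2)) -ne 0 ]; then
        echo "world-writable"        # any local account can rewrite the file
    elif [ $((other & 4)) -ne 0 ]; then
        echo "world-readable"        # any local account can read the DB credentials
    else
        echo "restricted"            # only owner and group have access
    fi
}

# Demo on a constructed stand-in file, so nothing real is touched.
demo_dir=$(mktemp -d)
cfg="$demo_dir/wp-config.php"
: > "$cfg"

chmod 666 "$cfg"
echo "mode $(file_mode "$cfg"): $(audit_config "$cfg")"

# The fix from the reply: group = web server process, mode 660.
# Changing the group normally needs root or the hosting provider:
#   chgrp apache wp-config.php      # group name is system-specific
chmod 660 "$cfg"
echo "mode $(file_mode "$cfg"): $(audit_config "$cfg")"

rm -rf "$demo_dir"
```

With 660 the file is only protected from other customers if the group contains the web server process and nothing else, which is why the group change has to come from the host.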
