I've recently transferred my blog from running from a personal computer to a paid host, and for the first time am running from a *nix server.
I'm reviewing all my permissions, trying to make it as secure as possible without losing any core functionality. I can assure you, I've searched for weeks, far and wide before asking for help on this.
My key question is, many people seem to believe that it is okay to have the permissions of 777 on the /wp-content folder. Looking at all of these forum posts, there is a lot of people that use 777 because they're told it's what you have to do to be able to upload files, but then there are an equal number of people saying that you should only use 755 for folders at the most, and definitely avoid using 777.
This unofficial article suggests to avoid 777 on any folder with a ten foot pole, whereas the codex states that 777 is required on /wp-content to be able to upload files. It also suggests to use 777 on /wp-content here.
However, a moderator wrote a post a couple years ago stating that 755 should be the highest folder permission used! The guy (Podz) goes on to explain that:
755 can be done by hosts (my directories are all 755) that take security seriously
but doesn't explain how it can be done. My host seems to not be able to do it for 755, even though I've verified with the host that ownership is me.
If 777 is a security risk, then why does the Codex state that it is a prerequisite for using WP to upload?
It would be great if someone like Podz who knows about how to get uploads to work for 755 on a host could explain what is required, then many forum posts need not be created (and would be solved). Otherwise, I will have to make my uploads folder 777 which is clearly introduces security concerns.
The only other solution I found in the forum posts is the "Open_Basedir" solution, but I don't what relevance that has in the scheme of things. In the meantime I will check, but what I really want to know is if 777 on /wp-content is really a security threat or not.
Thanks in advance,