WordPress.org

Ready to get started?Download WordPress

Forums

file permissions for wp-config.php (6 posts)

  1. kafranklin
    Member
    Posted 8 years ago #

    I want to make sure that I am not opening up a security hole or allowing anyone to see my database password. I currently have permissions on wp-config.php set to 644. Is this OK?

  2. moshu
    Member
    Posted 8 years ago #

    try to type in your browser's addres line:
    yourdomain.com/blog/wp-config.php - or wherever it is :)

  3. fmobus
    Member
    Posted 8 years ago #

    what about other users on a shared hosting scenario? This file should be owned by "apache" user and chmod'd 600

  4. Austin Matzko
    Member
    Posted 8 years ago #

    This file should be owned by "apache" user

    How would that help in a shared hosting environment? Wouldn't it open up the possibility of someone reading in the file's contents using PHP, for example?

  5. whooami
    Member
    Posted 8 years ago #

    something ending in 0 is the preferred permissions.
    The problem is that IF the file is world writable/readable _AND_ there's no open_basedir restriction for the PHP installation on the server.. they could potentially include( '/var/www/someotheruser/public_html/wp-config.php' ) and echo the DB password.

    If you cant do that.. 644 is the next best thing.

  6. gconn77
    Member
    Posted 7 years ago #

    Hey there... just curious what the final decision was on this? I know that 644 was the second best... but what are you saying was the first best setting: 600?

Topic Closed

This topic has been closed to new replies.

About this Topic