Posted 6 years ago #
A strange thing happened today as I checked my web stats. Some of my more popular pages that are being visited are in my wp-content folder. What's even stranger is that I didn't put them there. Some of the files are:
/wp-content/somaonline.htm
/wp-content/pharmacyphentermine.htm
/wp-content/cheapalprazolam.htm
How does someone place these files in my wp-content folder without me knowing or giving permission?
Thanks
Posted 6 years ago #
Probably because you did "give permission" by leaving your wp-content folder world-writeable (777).
Posted 6 years ago #
That's the case. What should permission be set at, 644? Is this the only folder I should worry about or are all folders at risk to something like this?
Thanks so much for quickly getting to this issue and solving it!!
Posted 6 years ago #
Files at 644, folders at 755 is generally sufficient. Any folder will be at risk if set at 777. If you need to have a folder set at 777 for a short time for whatever reason, fine, just be SURE that you return it to 755 when you've finished.
This was relatively harmless in your case; there are far far worse things that can happen!
Posted 6 years ago #
Thanks so very much. I appreciate the help!!!
Posted 6 years ago #
Edit: Post Updated -not necessary.
Posted 6 years ago #
"How does someone place these files in my wp-content folder without me knowing or giving permission?"
Once you've granted "writable permission" to your content directory, anyone with the even the basic scripting skills can pretty much put anything they bloody well like there.
This is unfortunately quite a problem for most installations. If you're in a SHARED environment, you should check that your hosting provider (if they use Apache) is using the PHP directive "open_basedir" for ALL their virtual domains, assuming your website is running in a shared environment.
If your ARE in a shared environment, and your hosting people ARE using Apache but they're NOT implementing the "open_basedir" directive (usually via vhosts.conf), then you're asking for trouble because your 755 mask will NOT save you.
EDIT: I forgot to say that the reason I mentioned the "open_basedir" directive is because I STILL encounter hosting providers who don't bother to set it.
Posted 6 years ago #
If your host is good about things, good to you, and is good in general, you can ask them to make your folder and file permissions set to the following default settings:
Folders = 755
Files = 644
So from then on, they should already get those above two settings automatically.. I've asked my host to do that, and it's setup like that now.. Good luck! ;) =)
spencerp
This topic has been closed to new replies.
