Posted 7 years ago #
Hi,
Okay, got everything humming. So now I want to lock down my wp setup before I go live. What should I do?
I read and followed http://codex.wordpress.org/Hardening_WordPress but it's a draft and may not concern newer security problems.
Also, what number permission should all files and folders be? I see people mention 666, 644, 777, etc.
Thanks
Posted 7 years ago #
You can delete the /wp-admin/install.php and /wp-admin/upgrade.php from your setup. Ensure that the permissions of files and directory are not more than 644 (Own er Read/Write, Group Read, World Read) permissions.
You MIGHT have to change the /wp-content directory to slightly different permission to get caching or some plugins happy.
Regards
Here's a codex article that might help: http://codex.wordpress.org/Hardening_WordPress
Posted 7 years ago #
777 is a VERY bad thing.
Posted 7 years ago #
Okay, I looked at the file perm's on my host, and all files are 644, and all folders are 755.
Good?
And Cypher, regarding /wp-content...
IF it is the case that a plugin needs more permission, what number would the file perm need to be, and could I just enable that perm long enough to get the plugin to activate and configure, and then set the file perm back?
Thanks everyone
This topic has been closed to new replies.
