Posted 11 months ago #
What is the most locked down file permission I can give to all the index.php files in a typical WordPress install?
My site is constantly being attacked and my index.php files are frequently being rewritten. This seems to be the only files are that targeted.
I routinely change my FTP password but this does not solve the problem.
I forget what I have the file permission set to now but I do know it is what was issued by WordPress when it was installed in the default fashion.
Posted 11 months ago #
I would try locking it down to 400 and see if you can view your site that way. If so, that should be good. If not, try 440. If that doesn't work, try 444.
The index.php files are only ever written to when you perform updates to WordPress, so you don't need to give them write permissions for normal use.
It should be 666 (yeah I know).
But read http://codex.wordpress.org/Hardening_WordPress and http://codex.wordpress.org/Changing_File_Permissions
And honestly, if THAT file keeps getting changed, I would think that either you have an insecure plugin or theme, or your server has a hole in its security.
You must log in to post.
