WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] PErmissions 777 vs 755 (7 posts)

  1. TheJesper
    Member
    Posted 1 year ago #

    Hi,

    This has probably been discussed a million times, but the answers seems to be inconclusive.

    I use FileZilla and it seems I have to set permissions to 777 to the wp-content folder to be able to update/upload files/get plugs etc..

    As I understand it, without specific "unix" experience, the 777 is a security risk due to that it sets public write access.

    However the 775, does not quite do it for me as stated... Should really be sufficient to give all groups write access, but apparently it isn't.

    Where do I go next? How to solve this? Please help me get some clarity in the matter.

    /Jesper

  2. secconsult
    Member
    Posted 1 year ago #

    Hello Jesper,

    in an ideal world file/directory permissions would be set to 750. So only your user can write them, the group (e.g webserver) can read them and nobody else can do anything with the resources.

    Of course sometimes it depends on whether you want to be able to change files from within the WordPress admin interface in which case you could need 770 permissions.

    But, depending on the way user/groups are configured on your server this might not be possible and that's when suddenly 775 is needed, because e.g the webserver is not in the group and can't access the files unless everybody gets read access to it.

    So the next question would be, do you own the server and are able to make arbitrary changes, or is this a precondition that you can't change?

    Another thing to consider is whether the server is shared, or if it is a server that only you have access to. Obviously on shared servers giving everybody read rights to your wp-content folder could have severe security implications.

    Either way check out what WordPress has to say regarding file permissions at the WordPress Security Codex.

  3. TheJesper
    Member
    Posted 1 year ago #

    Thanks for clarifying! Unfortunately I'm not hosting the specific page myself (my own hosting environment uses IIS and here it is no problem for me to limit the permissions).

    I will have to get in contact with the host and see if there are any way I could lower the permission setting without conflicting with the upload functionality. Hopefully they have experience of wordpress-using-clients. Otherwise perhaps they could set the permission for the specific user on the folder or similar!?

    Otherwise I will have to leave the upload folder 777 and set the other folders to 750 when not updating themes or plugins.

    Thanks for your informative answer!
    /Jesper

  4. secconsult
    Member
    Posted 1 year ago #

    Glad I could help!

    Have a good one.

  5. TheJesper
    Member
    Posted 1 year ago #

    Quick response from my great hosting company... Ilait.com! Well, they told me that 777 will not give public write permissions to "the whole world" but only to the users on the server. Due to the "sandboxed" setup the users on the server getting this access is only the ftp-user (vweb) and the appache user (www-data) and, of course the root account.

    Setting the www-data as a member in the group vweb and setting chmod to 770 would apparently not be less of a security hazard since the root already has full access anyway...

    /Jesper Wilfing

  6. aryanchoudhary
    Member
    Posted 10 months ago #

    Hello experts,
    I am WordPress developer having 3 years of experience. I currently set up multi site WordPress. I am facing the problem regarding file permissions. When I gave 755 permissions to uploads folder than in Media file uploading error occur. Its working fine with 777 permission but its a big security whole.

    Please help me to solve this issue.

    Aryan

  7. WPyogi
    Volunteer Moderator
    Posted 10 months ago #

    @aryanchoudhary - you need to start your own thread in the Multisite forum:

    http://wordpress.org/support/forum/multisite

Topic Closed

This topic has been closed to new replies.

About this Topic