Forums

WordPress › Support » Installation

Securing in a Windows XAMPP installation (6 posts)

  1. dgewirtz
    Member
    Posted 2 years ago #

    Most of the best-practices documentation on setting up WP talk about setting various permissions and access control for a Linux install. I'm installing on a Windows machine under XAMPP.

    Windows doesn't do permissions like 655, and instead uses it's own internal permissions system. So I'm not sure how to map the WordPress install suggestions to a Windows-based system. Surely, others have secured a WP install on Windows (under Apache), and I'd appreciate any insights into how to do this right.

    And yes, I know about Linux. This host happens to be a Win machine, so that's what I'm stuck with for now.

  2. s_ha_dum (was apljdi)
    Member
    Posted 2 years ago #

    I'm assuming you know how to set Windows permissions using the internal system? (Numeric) *nix permission are in the form of three octal digits. The first one represents the file owner. The second one represents the user 'group' that the file is assigned to and the third one is everyone else. Using that plus this chart you should be able to map the permissions. For example, 655 == owner can read and write the file, the group and everyone else can read and execute the file (but not write to it). I've never used XAMPP though, there may be some kind of internal permissions tool.

  3. esmi
    Theme Diva & Forum Moderator
    Posted 2 years ago #

    Surely, others have secured a WP install on Windows (under Apache)

    All of the publically accessible Windows installs that I've seen have used a Windows IIS Server - not XAMPP. I always assumed that was more for development testing. I'm not sure that there is a way to set permissions under XAMPP.

  4. s_ha_dum (was apljdi)
    Member
    Posted 2 years ago #

    I'm not sure that there is a way to set permissions under XAMPP.

    And if it is a local install behind a firewall, this issue is much less worry than it would be on a net accessible box. I meant to mention that on my earlier post.

  5. dgewirtz
    Member
    Posted 2 years ago #

    Well, it's behind a firewall, but obviously port 80 is open. *NIX permissions are meant really for users and groups, but since the Web server is considered a user, the permissions are really designed to determine what the server itself is permitted to do.

    The same is theoretically true of the same server running under Windows. Except it's just not clear what sort of user Apache is under Windows, as compared to both IIS or Apache on a *NIX machine.

  6. s_ha_dum (was apljdi)
    Member
    Posted 2 years ago #

    Well, it's behind a firewall, but obviously port 80 is open.

    Yes, but the key is whether it is accessible from outside of the LAN-- unless you have roommates you really, really don't trust.

    ... the permissions are really designed to determine what the server itself is permitted to do.

    Sure.

    ...it's just not clear what sort of user Apache is under Windows...

    Well, yes, but its not clear what anything is when running under Windows :) This might help though.

    You can get the apache user and group by running a phpinfo() script, if you haven't already done so. hmmm... at least I think you can. I've never tried it on a Windows/Apache setup.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags