Suggested File Permissions for Security? (7 posts)

  1. userx
    Member
    Posted 9 years ago #

    I searched for a breakdown of the suggested directory folder permissions and found an excellent one at the Codex.

    It also said: "In a WordPress install, two files that you will probably want to alter are the index page, and the css which controls the layout." What does changing these files from rw-r--r-- to rw-rw-rw- (644 - 666) actually do?

    Also, just for clarity's sake, and to double check, if I add custom rules to the .htaccess should they be placed above # BEGIN WordPress or below # End WordPress, or does it matter? Thanks.

  2. skippy
    Member
    Posted 9 years ago #

    Changing from 644 to 666 makes the files writable by everyone. This is necessary if you want to be able to edit your theme files through the built-in theme editor.

    It should not matter where you place your custom rules in .htaccess, as long as they're not between #BEGIN and END.

  3. userx
    Member
    Posted 9 years ago #

    Thanks skippy.

  4. masquerade
    Member
    Posted 9 years ago #

    http://codex.wordpress.org/Hardening_WordPress

    There's a section there on file permissions.

  5. bull_677
    Member
    Posted 9 years ago #

    Skippy, when you say "everyone" you mean anyone that can log in to the admin section of your site, correct? Or am I wrong?

  6. skippy
    Member
    Posted 9 years ago #

    No, I mean everyone who has access to that directory on the server.

    If you're running this server yourself, and you're the only user, then the issue is (relatively) minor.

    But if you're using a hosting provider and are on a shared host, then other users on the same server will have write permission to those files. They will not be able to use the WordPress Theme Editor; but if they have shell access to the server they can simply open those files in a text editor.

  7. userx
    Member
    Posted 9 years ago #

    Wow. Shouldn't that be made clear in the codex? It simply says: "In a WordPress install, two files that you will probably want to alter are the index page, and the css which controls the layout." I probably wouldn't want to change the permissions on these files if what you say is the case. At any rate, thank you for clearing that up.
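
An added example, not part of the original thread: a shell audit for the condition skippy describes, where a 644 to 666 change leaves files writable by every account on a shared host. The directory and file names in `demo` are constructed, and the 644/755 reset targets are an assumption taken from the 644 baseline mentioned in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): find and repair the world-writable
# mode that a 644 -> 666 change creates.

# list_world_writable DIR
# Print each regular file or directory under DIR whose "other" write bit is
# set (666, 777, ...). These are writable by every account on the server.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# restore_modes DIR
# Reset only the world-writable entries: files to 644, directories to 755.
# Entries that were not world-writable keep their current mode.
restore_modes() {
    find "$1" -type f -perm -0002 -exec chmod 644 {} +
    find "$1" -type d -perm -0002 -exec chmod 755 {} +
}

# demo: build a constructed theme directory, loosen one file the way the
# thread describes, then audit and repair it.
demo() {
    tmp=$(mktemp -d) || return 1
    theme="$tmp/wp-content/themes/example"   # constructed path
    mkdir -p "$theme"
    : > "$theme/index.php"
    : > "$theme/style.css"
    chmod 644 "$theme/index.php"             # owner rw, everyone else read
    chmod 666 "$theme/style.css"             # everyone on the host can write

    echo "World-writable before:"
    list_world_writable "$tmp"
    restore_modes "$tmp"
    echo "World-writable after:"
    list_world_writable "$tmp"
    rm -rf "$tmp"
}

# Run the demonstration only when asked: sh audit.sh demo
if [ "${1:-}" = "demo" ]; then demo; fi
```

After the reset, whether the built-in theme editor can still save depends on which account the web server runs as relative to the file owner.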

Topic Closed

This topic has been closed to new replies.
