WordPress.org

Ready to get started?Download WordPress

Forums

Why does WordPress set 666 on wp-config.php? (5 posts)

  1. aommundsen
    Member
    Posted 2 years ago #

    I just tested installing WordPress without a wp-config.php file, and let WordPress automatically create wp-config.php when doing the installe wizard from the browser.

    However I noticed that when WordPress created wp-config.php file, it set this file to have permissions 666!

    However this only happened to wp-config.php, when uploading images, installing plugins, setting permalinks, then all files created by WordPress get the correct 644 permissions

    The server is running php in cgi mode using suphp, and permissions should never be higher then 644 on files.

    When WordPress create the wp-config.php, why does it create it with 666 permissions?

    Is WordPress going to change this default behaviour of setting wp-config.php to 666, or will this continue to be the default when created by WordPress itself?

    I am a webhost, and when users don't create the wp-config.php themself, they get 666 permissions on the file, and many of them will not understand they should change the permissions, so this is a problem.

  2. Pioneer Valley Web Design
    Member
    Posted 2 years ago #

    Probably because this works best for most large hosts?

    Write a script to force it to 644.

  3. kodomo00
    Member
    Posted 1 year ago #

    Was just going to ask the same thing. One of my sites got infected by malware and got blacklisted by google, I found the malicious code in wp-config.php and discovered that it was 666! While in the Codex they recommend 600. Turns out that wp-config.php is 666 on all the WP sites I setup, I agree that they should change the default value to 644 or 600. Just my 2 cents.

  4. esmi
    Forum Moderator
    Posted 1 year ago #

    As far as I am aware, the permissions are set by your server - not WP.

  5. aommundsen
    Member
    Posted 1 year ago #

    No, the permission set on wp-config.php when using the web browser to install WordPress, is set by WordPress to 666 no matter what the server setup is like.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.