WordPress.org

Support

Support » Plugins and Hacks » [Resolved] File and folder permissions

[Resolved] File and folder permissions

Viewing 14 replies - 1 through 14 (of 14 total)
  • Plugin Author AITpro
    Participant

    @aitpro

    705 permissions on the root folder causes a lot of folks not to be able to access their website root folder and causes 500 Internal Server errors. 705 permissions are more restrictive than 750 permissions. If you cannot access the site then change the root folder permissions to the standard 755 permissions. Folder permissions are really no longer that important to change.

    The trend for hackers/hacking methods is this:

    1. They target the FTP password first and try to crack it with automated FTP password cracking tools – there are tons of free FTP password cracking tools/apps available online.
    2. They target the WordPress login next and attempt to crack WordPress login passwords.
    3. A wide range of various attack methods targeting the /plugins and /uploads folder.
    4. All the other standard types of hacking methods.

    BPS already protects against Directory traversal attacks so changing folder permissions is not really that important.

    http://en.wikipedia.org/wiki/Directory_traversal_attack

    I’d just like to chime in for a clarification:

    BPS version .48 (and earlier) recommended 705 for the root folder.

    BPS version .48.2 now recommends 750 for the root folder.

    Is that a changed recommendation, or just a typo?

    Plugin Author AITpro
    Participant

    @aitpro

    It was a mistake on my part. It never should have been 705 permissions and should have always been 750 permissions. I CAN use 705 permissions, but most folks CANNOT. In any case, the ONLY file permissions that make a significant difference are changing the root .htaccess file to 404 and wp-config.php, index.php and wp-blog-header.php to 400.

    Thanks.

    As always – great support 🙂

    OOOOPS!!

    For me, changing my root folder to the recommended 750, results in a 403 permission denied when trying to view my website (I guess that’s the same problem the first poster in this thread has).

    Seems weird if 750 is “less” restrictive, that 705 would have been working fine right along…

    I know you said these permissions are not all that important. But, it seems getting them right, or not, does have some consequences and could lead users to having issues they did not expect.

    I think I’ll stick with 705, as that’s what my 25+ sites are presently set up with.

    Plugin Author AITpro
    Participant

    @aitpro

    hmm I wonder if some Hosts are now doing 705 permissions as a new standard. If so, then this could explain what is going on here. Example: The Host creates a rule somewhere in the Server config file that requires that root folder permissions are 705. This would be a really good thing so maybe it is now becoming a new standard. 705 is obviously much safer than 750. Out of curiousity which Host do you have?

    I am with Canadian Web Hosting in Vancouver BC. http://www.canadianwebhosting.com/

    I’m using HostGator.com for all my sites.

    Plugin Author AITpro
    Participant

    @aitpro

    Ok I have a HostGator hosting account as well as some others so I will fiddle around and see what is up. Thanks.

    Plugin Author AITpro
    Participant

    @aitpro

    big oops. LOL 745 does work – 750 is a NO GO. 705 works and is the optimum setting. Guess I’ll change the recommendation back to 705 in the next BPS release. ha ha ha.

    Thanks for always doing your best to support and improve this great FREE plugin 🙂

    Plugin Author AITpro
    Participant

    @aitpro

    @adicerni – didn’t see that you posted a reply. Sorry about that. Anyway I screwed up by changing the recommendation from 705 to 750. 750 would not work on any host that I can think of. DOH! If I was going to recommend a decreased permission setting then I should have stated 745. 705 is the optimum permission setting so stick with that.

    No problem, glad I brought it up in the first place now.

    Anyway I’ve changed all my sites to 705 again and they’re working fine.

    Thanks for your support and great plugin.

    Plugin Author AITpro
    Participant

    @aitpro

    And if I release another BPS version this soon just for this issue/problem people are going to get pissed off. I have a couple of new things that I want to add to BPS so I will get those done in a week and release another update with the permission correction.

Viewing 14 replies - 1 through 14 (of 14 total)
  • The topic ‘[Resolved] File and folder permissions’ is closed to new replies.