You should be able to do 644 which is fine. The last byte is for Everyone. 4 is read privledge. making it 6 is Read + Execute and there is nothing to execute.
Thanks for the reply, webjunk…
According to my FTP client, 646 is:
User: Read/Write
Group: Read
World: Read/Write
I have tried all combinations, and only 646 works with the plugin…The question is: Is using 646 for those two files a serious security risk?
WOuld contact your host. Should not be world writable. Sounds like there is something wrong with ownership of the files.
Webjunk:
I got the following reply from my host, does their reply seem sound to you?
The files that you mentioned are owned by your username, and by default
they would only be writable by your username. WordPress (or PHP in
general) will not write to files as your username by default. PHP will
write to files using the username nobody. The username nobody is not able
to write to files owned by your username, and vice versa.
One way around that is to make your files world writable, but that is
insecure as you mentioned and should be avoided. A better option would be
to instruct PHP to write to files as your username, instead of the
username nobody. That would allow you to set permissions so that only
your username can write to your files, and PHP can still write to them
too. That is done using php-cgiwrap, which is explained here:
http://kb.pair.com/f25
Are you hosted on a NON-MANAGED dedicated server? Otherwise support at your host should fix this for you. Not have you make these changes.
This is more a work-around because of how they (wrongly) set the server up. But have seen (in the past) servers setup this way. And my opinion but very dangerous currently having to leave scripts world writeable. And their fix is not the best. First there have been known exploits that if outsiders can access the script for cgiwrap, then THEY are running with YOUR username and can access everything your Username can. Second I do not know what build your server is but there was issues with cgiwrap and resources/memory.
My hosting is a shared plan. PHP is 5.2.13
The permissions thing has been an issue in the past, my own workaround was to change the effected files temporarily then change them back. I could do that with the XML Sitemap Gen plugin, but then it wouldn’t be able to automatically update the sitemap on the fly, I would have to do it manually after changing the permissions, then change them back.
hmmm, what to do…any advice?
Respond to your last Support ticket and ask them if they can make the change for you. A decent host should do this as standard service.
My own opinion? Move to a better host. Don’t like their server config. Many of the issues on this forum are because of server configs.
Don’t like they sent you the change directions instead of making it themselves or asking if you want them to do it. For dedicated server maybe, but not for shared hosting. More than 90% of my clients are on Hostgator because I have very few problems, love their server builds and their support is usually excellent. There are also several on the front of this site which have similar reliability. Would choose one and many of your site issues might be resolved.
Thanks for all the advice. I’ll have to seriously consider changing hosts.
