I just installed, now what kind of steps for security? (5 posts)

  1. garbonzo
    Posted 10 years ago #


    Okay, got everything humming. So now I want to lock down my wp setup before I go live. What should I do?

    I read and followed http://codex.wordpress.org/Hardening_WordPress but it's a draft and may not concern newer security problems.

    Also, what number permission should all files and folders be? I see people mention 666, 644, 777, etc.


  2. Cypher
    Posted 10 years ago #

    You can delete the /wp-admin/install.php and /wp-admin/upgrade.php from your setup. Ensure that the permissions of files and directory are not more than 644 (Own er Read/Write, Group Read, World Read) permissions.

    You MIGHT have to change the /wp-content directory to slightly different permission to get caching or some plugins happy.


  3. Chris_K
    Posted 10 years ago #

    Here's a codex article that might help: http://codex.wordpress.org/Hardening_WordPress

  4. Mark (podz)
    Support Maven
    Posted 10 years ago #

    777 is a VERY bad thing.

  5. garbonzo
    Posted 10 years ago #

    Okay, I looked at the file perm's on my host, and all files are 644, and all folders are 755.


    And Cypher, regarding /wp-content...
    IF it is the case that a plugin needs more permission, what number would the file perm need to be, and could I just enable that perm long enough to get the plugin to activate and configure, and then set the file perm back?

    Thanks everyone

Topic Closed

This topic has been closed to new replies.

About this Topic