I just installed, now what kind of steps for security?

  • Hi,

    Okay, got everything humming. So now I want to lock down my wp setup before I go live. What should I do?

    I read and followed http://codex.wordpress.org/Hardening_WordPress but it’s a draft and may not concern newer security problems.

    Also, what number permission should all files and folders be? I see people mention 666, 644, 777, etc.

    Thanks

Viewing 4 replies - 1 through 4 (of 4 total)
  • You can delete the /wp-admin/install.php and /wp-admin/upgrade.php from your setup. Ensure that the permissions of files and directories are not more than 644 (Owner Read/Write, Group Read, World Read) permissions.

    You MIGHT have to change the /wp-content directory to slightly different permission to get caching or some plugins happy.

    Regards

    Here’s a codex article that might help: http://codex.wordpress.org/Hardening_WordPress

    Mark (podz)

    777 is a VERY bad thing.

    Okay, I looked at the file perms on my host, and all files are 644, and all folders are 755.

    Good?

    And Cypher, regarding /wp-content…
    IF it is the case that a plugin needs more permission, what number would the file perm need to be, and could I just enable that perm long enough to get the plugin to activate and configure, and then set the file perm back?

    Thanks everyone

  • The topic ‘I just installed, now what kind of steps for security?’ is closed to new replies.
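
The 644 (files) / 755 (folders) baseline discussed in this thread can be checked, and restored after a temporary change for a plugin, with a short script. This is an added example, not part of any forum post; the function names are hypothetical and it assumes a `find` that supports `-perm /mode` (GNU findutils).

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the 644 (files) / 755
# (directories) baseline from this thread. Assumes GNU find ("-perm /mode").

# Print every file with any bit beyond 644 and every directory with any bit
# beyond 755. 0133 = 0777 & ~0644, 0022 = 0777 & ~0755.
list_loose_perms() {
    find "$1" -type f -perm /0133 -print
    find "$1" -type d -perm /0022 -print
}

# Print world-writable entries only (the 777 / 666 cases); symlinks skipped.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Return 0 when the tree meets the baseline, 1 otherwise; report to stderr.
audit_wp_perms() {
    loose=$(list_loose_perms "$1")
    if [ -n "$loose" ]; then
        printf 'Looser than 644/755:\n%s\n' "$loose" >&2
        return 1
    fi
    return 0
}

# Put a tree back on the baseline, e.g. after loosening wp-content for a
# plugin install. Run as the owner of the files.
reset_wp_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Constructed demo tree (not a real install); set WP_PERM_DEMO=1 to run it.
if [ "${WP_PERM_DEMO:-0}" = 1 ]; then
    demo=$(mktemp -d)
    mkdir -p "$demo/wp-content/uploads"
    touch "$demo/wp-config.php" "$demo/wp-content/uploads/a.jpg"
    chmod 777 "$demo/wp-content/uploads"; chmod 666 "$demo/wp-config.php"
    audit_wp_perms "$demo" || echo "baseline not met"
    reset_wp_perms "$demo" && audit_wp_perms "$demo" && echo "baseline met"
    rm -rf "$demo"
fi
```

Point `audit_wp_perms` at the directory that contains `wp-config.php`; a non-zero exit status means something under it is looser than the baseline.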