I need some advice with CHMOD settings

  • Hi
    Can I ask some advice from people who understand CHMOD settings a bit better than I do? I found this old thread https://wordpress.org/support/topic/plugin-better-wp-security-chmod-444-on where one user suggested CHMOD settings as per below for “Full Security”

    .htaccess 404
    index.php 400
    wp-blog-header.php 400
    wp-config.php 400
    xmlrpc.php 400
    
    root 705
    wp-admin 701
    wp-content 705
    wp-includes 701

    Of course I would like to make my site as secure as possible but I would not want to go ahead without understanding if these settings could cause my site some conflicts. I mean this post was done like 3 years ago and I assume things have evolved quite a lot. How to go about with making changes for these files, what to bear in mind (like if I do these changes I have to remember to change them back when doing such and such…). I have the following plugins installed and activated (if this information helps).

    Black Studio TinyMCE Widget
    Gallery Bank Pro Edition
    LayerSlider WP
    Less & scss PHP Compilers
    Lockdown WP Admin
    Loginizer
    Slider Revolution
    Unyson
    UpdraftPlus - Backup/Restore
    Wordfence Security
    WP Super Cache

    I would really appreciate any kind of advice.
    Rain

Viewing 4 replies - 1 through 4 (of 4 total)
  • This page will give you more information about CHMOD configuration: https://codex.wordpress.org/Changing_File_Permissions#About_Chmod There’s also a section that gives you a secure example which you can use. This information is coming straight from the WordPress Codex so it should be your best source.

    Thread Starter rainstv

    (@rainstv)

    Thank you for the input. Very useful as it’s coming straight from WordPress.

    Interestingly I could not find the below from anywhere. Do I need to be worried?

    600 -rw-------  /home/user/cgi-bin/php.ini
    711 -rwx--x--x  /home/user/cgi-bin/php.cgi
    100 ---x------  /home/user/cgi-bin/php5.cgi

    And any ideas about the below as these were not mentioned. Or am I just better off not touching them and just leave them as defaults?

    index.php 400
    wp-blog-header.php 400
    wp-config.php 400
    xmlrpc.php 400
    
    root 705
    wp-admin 701
    wp-content 705
    wp-includes 701

    Thanks for any advice.

    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    The “correct” answer depends on your hosting configuration. There is no “general” answer one can give with regards to security in this respect.

    The wp-config.php file should have 600 or 700 permissions, whichever still allows the site to work.

    For everything else, 755 is fine for files, and 644 for directories. You can adjust them lower if you like, as long as the site continues to function, then it is acceptable. On the whole, this sort of thing only matters on shared hosting, and if the hosting in such a case is configured properly, then there are likely other restrictions in place which would prevent cross-account access. On single-account hosting, like a VPS or similar, then permissions don’t matter quite so much.
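
Added example, not part of the reply above and not WordPress code: a POSIX shell audit for the two points in that reply, that wp-config.php should be owner-only (600 or 700) and that loose bits matter where other accounts share the host. The function names, the constructed sample tree, and the choice to flag world-writable entries are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a WordPress directory for loose permission bits.

# Print one finding per line; return 0 if nothing is flagged, 1 otherwise.
wp_perm_audit() {
    root=$1
    findings=0
    cfg="$root/wp-config.php"
    if [ -f "$cfg" ]; then
        # Characters 5-10 of the ls mode string are the group and other bits.
        go_bits=$(ls -ld "$cfg" | cut -c5-10)
        if [ "$go_bits" != "------" ]; then
            echo "wp-config.php: group/other bits set ($go_bits), want owner-only such as 600"
            findings=$((findings + 1))
        fi
    else
        echo "wp-config.php: not found under $root"
        findings=$((findings + 1))
    fi
    # Assumption of this example: also flag anything any account may write to.
    ww=$(find "$root" \( -type f -o -type d \) -perm -002 -print)
    if [ -n "$ww" ]; then
        printf '%s\n' "$ww" | sed 's/^/world-writable: /'
        findings=$((findings + $(printf '%s\n' "$ww" | wc -l)))
    fi
    [ "$findings" -eq 0 ]
}

# Build a constructed sample tree (not a real install) to try the audit on.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/wp-content"
    : > "$d/wp-config.php"
    : > "$d/index.php"
    : > "$d/wp-content/cache.tmp"
    chmod 644 "$d/wp-config.php" "$d/index.php"
    chmod 755 "$d/wp-content"
    chmod 666 "$d/wp-content/cache.tmp"
    echo "$d"
}

# Audit the path given on the command line, if any.
if [ $# -gt 0 ]; then
    wp_perm_audit "$1"
fi
```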

    Thread Starter rainstv

    (@rainstv)

    Beautiful. Thank you for at least some sort of general idea. I kind of anticipated that there won’t be a “one size fits all” solution. I’m on shared hosting with SiteGround but it feels like the guys over there are on the top of their game. I think I’m getting the rough concept of how to handle this. Good ol’ trial and error I guess.

    I’ll keep the thread as “not resolved” for a couple more days to play around with the settings and if I get a bit stuck I will ask for help in this thread. After that I will “solve” it.

    Thanks again guys. This is very helpful.

    Cheers

  • The topic ‘I need some advice with CHMOD settings’ is closed to new replies.