Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Online Backup

    (@driskell)

    Hi WillBrody,

    You are correct that giving 777 is not safe. I would classify any server requiring this as inherently insecure.

    The issue is all due to server configuration and how your host set up the server. Personally, I do not like any server that requires me to use 777 permissions to let PHP write to a folder. It usually means that the host is NOT using a secure PHP configuration such as SUExec and is instead allowing any user on their web server to run code as a “shared” user. This is inherently bad. People fix it with poor configurations like “safe mode” in PHP, which PHP themselves have deprecated since it doesn’t actually fix any security problems.

    In general the chance of some other user on the server exploiting this is quite rare though so not much to worry about. But it might be worth looking at other hosts with more secure shared setups.

    Regards,

    Jason

    Thread Starter WillBrody

    (@willbrody)

    Thanks Jason for your reply.

    I brought this up to the person from whom we get our web server and he said,

    “We are not at risk, because it is only me managing all the websites on this server.”

    He has a business providing web hosting and is also the one who creates the websites themselves. Although in my case, I’m creating a WordPress site but I have the impression of being alone — my root directory only has stuff that I put in it.

    So I hope that sounds OK.

    Plugin Author Online Backup

    (@driskell)

    Hi WillBrody,

    The threat is not from the site owner, it is from other users on the server. 777 means they’ll be able to write to that folder.

    If you give our folder 777 permissions though it won’t matter much if someone else writes to it and it won’t affect your site.

    But the requirement of 777 permissions for PHP to write files generally means all users on that server, who have PHP, will be able to read your entire website contents including wp-config.php database credentials anyway.

    I don’t mean to scaremonger or anything! I just think it’s important I’m honest with you. Maybe the host has set up the server in a way I’m not familiar with that does make it secure between users. It’s just all servers with the 777 problem I’ve seen aren’t.

    Regards,

    Jason
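
The two conditions described in the reply above (a folder any local user can write to, and a `wp-config.php` any local user can read) can be checked from the permission bits. This is an added example, not code from the thread or the plugin; the `wp-content/backups` folder name and the demo tree are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_tree(root):
    """Return sorted (relative_path, issue, octal_mode) tuples for risky modes."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)               # lstat: do not follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue                      # a symlink's own mode is not meaningful
            mode = stat.S_IMODE(st.st_mode)
            rel = os.path.relpath(path, root)
            if mode & stat.S_IWOTH:           # last digit of 777: any local user may write
                findings.append((rel, "world-writable", oct(mode)))
            if name == "wp-config.php" and mode & stat.S_IROTH:
                # database credentials readable by every local account
                findings.append((rel, "config-world-readable", oct(mode)))
    return sorted(findings)

def build_demo_tree():
    """Constructed sample site; every name and mode here is made up for the demo."""
    root = tempfile.mkdtemp(prefix="wp-demo-")
    layout = {
        "wp-config.php": 0o644,
        "index.php": 0o640,
        "wp-content": 0o755,
        "wp-content/backups": 0o777,          # hypothetical backup folder set to 777
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        if rel.endswith(".php"):
            open(path, "w").close()
        else:
            os.mkdir(path)
        os.chmod(path, mode)                  # chmod ignores umask, so modes are exact
    return root

if __name__ == "__main__":
    for rel, issue, mode in audit_tree(build_demo_tree()):
        print(f"{mode:>7}  {issue:<22} {rel}")
```

Run against a real site by passing its document root to `audit_tree`; an empty result means no entry grants write access to "other" and the config file is not readable by "other".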

    Thread Starter WillBrody

    (@willbrody)

    Thanks Jason. I’ll discuss with the host.

  • The topic ‘Is 777 a safe permission?’ is closed to new replies.