Title: Security threat?
Last modified: August 21, 2016

---

# Security threat?

 *  Resolved [mosheeshel](https://wordpress.org/support/users/mosheeshel/)
 * (@mosheeshel)
 * [13 years ago](https://wordpress.org/support/topic/security-threat/)
 * My site has been hacked (or a hack was attempted) using the Gallery folder which
   requires 755 permissions, they managed to upload executable files to the folder
   and collected some information by executing it…
   Why does the gallery upload folder require such permissions, and how do I block
   such future attempts?
 * [http://wordpress.org/extend/plugins/nextgen-gallery/](http://wordpress.org/extend/plugins/nextgen-gallery/)

Viewing 7 replies - 1 through 7 (of 7 total)

 *  Thread Starter [mosheeshel](https://wordpress.org/support/users/mosheeshel/)
 * (@mosheeshel)
 * [13 years ago](https://wordpress.org/support/topic/security-threat/#post-3732597)
 * I’m just adding this found link, not sure this is legit – since it requires a
   payment, and also I would never attempt using this myself
    [http://1337day.org/exploit/description/20352](http://1337day.org/exploit/description/20352)
 *  [Edward Caissie](https://wordpress.org/support/users/cais/)
 * (@cais)
 * [13 years ago](https://wordpress.org/support/topic/security-threat/#post-3732663)
 * The directory and file permissions for a default installation of the plugin appear
   correct (just re-tested with a fresh install of the current release).
 * You can read more about WordPress Security on this codex page [http://codex.wordpress.org/Hardening_WordPress](http://codex.wordpress.org/Hardening_WordPress)
   which may help explain why the directory (and files) have the permissions you
   are concerned about.
 *  Thread Starter [mosheeshel](https://wordpress.org/support/users/mosheeshel/)
 * (@mosheeshel)
 * [13 years ago](https://wordpress.org/support/topic/security-threat/#post-3732674)
 * I’m not implying that the plugin is doing something bad, however, requiring execute
   permissions on files that are supposedly static (images) seems to me unnecessary.
   It is required, because if I disable execution in the directory the images suddenly
   cease to appear (return 404). I might be doing something wrong, but I fail to
   understand why a directory that should normally contain only images should require
   an execute permission… The link you mention [http://codex.wordpress.org/Hardening_WordPress](http://codex.wordpress.org/Hardening_WordPress),
   only specifies a recommended scheme, and concerning the wp-content folder
   “User-supplied content: intended to be writable by your user account and the web server
   process.” (no mention of execution) And also: “Other directories that may be
   present with /wp-content/ should be documented by whichever plugin or theme requires
   them. Permissions may vary.” Again, if there is a reason for the execution permission,
   I’d love to know it, and maybe, just maybe, the explanation can provide me with
   a solution….
 * Maybe my initial subject for this thread was too alarmist, and I apologize, I’ve
   just been attacked one time too many (the hackers, not anyone here), and it was
   done through the folder created by this plugin, I don’t blame the plugin author
   for anything, just looking for some help.
    Thanks
 *  [Edward Caissie](https://wordpress.org/support/users/cais/)
 * (@cais)
 * [13 years ago](https://wordpress.org/support/topic/security-threat/#post-3732676)
 * The directory permissions starting from ../wp-content are 755; which means the
   “User” (you) can read/write/execute, the “Group” can read/execute and “Others”
   can read/execute.
 * Unfortunately the term “execute” is misleading for directories, it is actually
   referring to being able to access the directory; not being able to “run a script”
   as the permission allows with files.
 * This link may be helpful as well: [http://www.thegeekstuff.com/2010/04/unix-file-and-directory-permissions/](http://www.thegeekstuff.com/2010/04/unix-file-and-directory-permissions/)
 *  Thread Starter [mosheeshel](https://wordpress.org/support/users/mosheeshel/)
 * (@mosheeshel)
 * [13 years ago](https://wordpress.org/support/topic/security-threat/#post-3732683)
 * Looks like I’ve been barking up the wrong tree, 🙁
   I’ll go bury my head somewhere dark, and look for a way to control the permissions
   of the files created in such a directory… Also I’m still trying to figure out how
   someone managed to upload a php5.ini file into the above directory (I’m assuming
   he did it using a script in WordPress, though I’m not sure of anything anymore).
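
An added example, not part of any post in this thread: a Python audit of a gallery upload tree that applies the distinction explained above (search bit on directories, execute bit on files) and flags files that do not belong in an image folder, such as the php5.ini mentioned here. The extension allow-list, finding labels, function names and the sample tree (including `probe.php`) are constructed for illustration.

```python
import os
import stat
import tempfile

# Assumed allow-list for a gallery folder; adjust to the formats you serve.
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".webp"}
ANY_EXEC = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH

def audit_upload_dir(root):
    """Return sorted (relative_path, finding) pairs for an upload tree."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)
            mode = stat.S_IMODE(st.st_mode)
            if stat.S_ISDIR(st.st_mode):
                # On a directory "x" is the search bit. Assuming the web server
                # reaches it through the "others" bits, losing it means 404s.
                if not mode & stat.S_IXOTH:
                    findings.append((rel, "dir-not-searchable"))
                if mode & stat.S_IWOTH:
                    findings.append((rel, "dir-world-writable"))
                continue
            # On a file "x" really does mean "may be run"; images never need it.
            if mode & ANY_EXEC:
                findings.append((rel, "file-executable"))
            if os.path.splitext(name)[1].lower() not in IMAGE_EXTS:
                findings.append((rel, "unexpected-type"))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample: one album with a photo and two planted oddities."""
    root = tempfile.mkdtemp(prefix="gallery-audit-")
    album = os.path.join(root, "album")
    os.makedirs(os.path.join(album, "thumbs"))
    samples = {"photo.jpg": 0o644, "php5.ini": 0o644, "probe.php": 0o755}
    for name, mode in samples.items():
        path = os.path.join(album, name)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    os.chmod(album, 0o755)
    os.chmod(os.path.join(album, "thumbs"), 0o750)
    return root

if __name__ == "__main__":
    for rel, finding in audit_upload_dir(build_sample_tree()):
        print(f"{finding:20} {rel}")
```

Directories at 755 and images at 644 produce no findings; only the planted files and the 750 directory are reported.
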
 *  Thread Starter [mosheeshel](https://wordpress.org/support/users/mosheeshel/)
 * (@mosheeshel)
 * [13 years ago](https://wordpress.org/support/topic/security-threat/#post-3732684)
 * Anyway, as far as NextGEN Gallery, this is apparently not connected, so I’m marking
   this as resolved
 *  [Edward Caissie](https://wordpress.org/support/users/cais/)
 * (@cais)
 * [13 years ago](https://wordpress.org/support/topic/security-threat/#post-3732693)
 * No worries … we are all protective of our sites and just want to find a resolution
   to any issue that may arise.
 * You might consider looking at your server logs, or perhaps contacting your web
   host to have them help/investigate. Best of Luck!


The topic ‘Security threat?’ is closed to new replies.


 * 7 replies
 * 2 participants
 * Last reply from: [Edward Caissie](https://wordpress.org/support/users/cais/)
 * Last activity: [13 years ago](https://wordpress.org/support/topic/security-threat/#post-3732693)
 * Status: resolved