• Hi,

    I just installed a plug-in that required file permissions of 777 and I was wondering if this could be a security risk. If yes, how can I use plugins with these requirements or should I simply avoid using any of these plugins?

    Is this really a security risk?

    The plugin that I’m talking about is the “wp back up” which creates backups of your databases.

    Thanks a lot!

Viewing 3 replies - 1 through 3 (of 3 total)
  • It depends on your web host. So, you are best to ask your web host that question.

    For example, here is the answer I got from my web hosting company two years ago (note the complexity of the answer) when I asked if 777 was a security risk:

    Yes. However, it doesn’t mean a hacker/anyone can delete your files. It does however mean that anyone on the system can do that. Therefore, if one of our other customers had shell access on the same server and knew the directory had the 777 permission, they would be able to write to it. You are running into this issue because you are using PHP v4. Our PHP v5 runs as CGI and works the same as your old host. We try to accommodate all applications on our servers so not only do we provide PHP v5 and PHP v4 but our PHP v5 is running as CGI and PHP v4 is an Apache module. When it’s an Apache module, PHP runs as the Apache user so it needs the 777 to upload. As CGI, it runs as your user so you can even get away with 644.

    I think as long as users from outside can’t upload scripts to your directory then it is still okay. But it is still better if you do not use the 777 permission. CMIW

    Thread Starter fs_tigre

    (@fs_tigre)

    Thank you for your replies! It looks like it could be a risk but not as bad as I was thinking.

    I’m wondering how other people are using this plugin, as I said this seems to be a very popular plugin.

    This is the plugin:
    http://wordpress.org/extend/plugins/wp-db-backup/

    Can someone already using it give us your opinion, tell us how you are using it, or if there are other workarounds?

    Thanks a lot!

  • The topic ‘Should I avoid using plug-ins that requires file permissions 777’ is closed to new replies.
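
The web host's reply quoted in the thread ties the need for 777 to which account PHP runs as. As an added example (not from the thread or the plugin), this script lists world-writable files and directories under a path and, given the account PHP runs as, reports which ones can simply be tightened; the function names are hypothetical and the PHP account is a value you supply.

```shell
#!/bin/sh
# Added example (not from the thread). Usage: sh audit.sh DIR PHP_USER
# PHP_USER is the account PHP executes as on your host (an assumption you
# supply: your own login under CGI, the web server's account as a module).

# Print every regular file or directory under DIR that has the
# "other" write bit set (777, 666, 757, ...), one path per line.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Print the owning user name of a path (third field of ls -ld output).
owner_of() {
    ls -ld "$1" | awk '{print $3}'
}

# For each world-writable entry print "<verdict> <owner> <path>":
#   tighten  = PHP already runs as the owner, so o+w is unnecessary
#   ask-host = PHP runs as a different account; removing o+w would stop
#              the plugin writing until the host changes how PHP runs
audit_tree() {
    list_world_writable "$1" | while IFS= read -r path; do
        owner=$(owner_of "$path")
        if [ "$owner" = "$2" ]; then
            echo "tighten $owner $path"
        else
            echo "ask-host $owner $path"
        fi
    done
}

# Remove group/other write from entries owned by PHP_USER:
# 777 becomes 755 on directories, 666 becomes 644 on files.
tighten_tree() {
    list_world_writable "$1" | while IFS= read -r path; do
        if [ "$(owner_of "$path")" = "$2" ]; then
            chmod go-w "$path"
        fi
    done
}

# Report only; call tighten_tree yourself once the report looks right.
if [ "$#" -ge 2 ]; then
    audit_tree "$1" "$2"
fi
```

Entries reported as `ask-host` match the Apache-module case the host describes, where the directory is written by an account other than yours.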