Should I make wp-config.php should be 750 with file attributes? (5 posts)

  1. listerdl
    Posted 4 years ago #

    I am on a shared server. If I use Filezilla and right click wp-config.php the code is: 644.

    According to wordpress security this should be 750 "which meanss no other user will be able to read your database username and password. If you have FTP or shell access, do the following:

    chmod 750 wp-config.php"

    Just want to make sure because 750 seems to allow Group Permission to execute (but did remove Public viewing the password info.)

    Just wanted to make sure!!!! Thanks

  2. listerdl
    Posted 4 years ago #

    or said another way, can anyone tell me if you use this permission for your set-up? Thanks

  3. Big Bagel
    Posted 4 years ago #

    Are you referring to this page?

    Hardening WordPress

    In a nutshell, that bit was wonky; I went ahead and deleted it.

    Your permissions for wp-config.php should be as restrictive as you can make them with your specific server config. Mine is currently set to 400. Just start at 444 and remove permissions in increments (444->440->400). If a change causes your site to break, you now know the lowest you can go. Adding this to your .htaccess is another good way to prevent people from accessing your wp-config.php file:

    <Files wp-config.php>
    order allow,deny
    deny from all
  4. listerdl
    Posted 4 years ago #

    that's great to know thanks.

    the .htaccess is a great idea i use that already.

    I guess SSL would be ideal as well right?

  5. Big Bagel
    Posted 4 years ago #

    SSL is great for preventing anyone from intercepting sensitive information, like your password, but I don't really see how it would increase security in regards to your actual files like wp-config.php. Unless you have a reason for using SSL, such as running an online store in which you process payment information, SSL is a bit overkill. At most, I'd use it for the administration area, as it increases the time it takes for a page to load.

    Administration Over SSL

Topic Closed

This topic has been closed to new replies.

About this Topic


No tags yet.