Should I make wp-config.php should be 750 with file attributes?

  • listerdl

    (@listerdl)


    12 years, 6 months ago

    I am on a shared server. If I use Filezilla and right click wp-config.php the code is: 644.

    According to wordpress security this should be 750 “which meanss no other user will be able to read your database username and password. If you have FTP or shell access, do the following:

    chmod 750 wp-config.php”

    Just want to make sure because 750 seems to allow Group Permission to execute (but did remove Public viewing the password info.)

    Just wanted to make sure!!!! Thanks

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter listerdl

    (@listerdl)

    12 years, 6 months ago

    or said another way, can anyone tell me if you use this permission for your set-up? Thanks

    Big Bagel

    (@big-bagel)

    12 years, 6 months ago

    Are you referring to this page?

    Hardening WordPress

    In a nutshell, that bit was wonky; I went ahead and deleted it.

    Your permissions for wp-config.php should be as restrictive as you can make them with your specific server config. Mine is currently set to 400. Just start at 444 and remove permissions in increments (444->440->400). If a change causes your site to break, you now know the lowest you can go. Adding this to your .htaccess is another good way to prevent people from accessing your wp-config.php file:

    <Files wp-config.php>
order allow,deny
deny from all
</Files>
    Thread Starter listerdl

    (@listerdl)

    12 years, 6 months ago

    that’s great to know thanks.

    the .htaccess is a great idea i use that already.

    I guess SSL would be ideal as well right?

    Big Bagel

    (@big-bagel)

    12 years, 6 months ago

    SSL is great for preventing anyone from intercepting sensitive information, like your password, but I don’t really see how it would increase security in regards to your actual files like wp-config.php. Unless you have a reason for using SSL, such as running an online store in which you process payment information, SSL is a bit overkill. At most, I’d use it for the administration area, as it increases the time it takes for a page to load.

    Administration Over SSL

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Should I make wp-config.php should be 750 with file attributes?’ is closed to new replies.