Support » Fixing WordPress » Why does WordPress set 666 on wp-config.php?

  • I just tested installing WordPress without a wp-config.php file, and let WordPress automatically create wp-config.php when doing the installe wizard from the browser.

    However I noticed that when WordPress created wp-config.php file, it set this file to have permissions 666!

    However this only happened to wp-config.php, when uploading images, installing plugins, setting permalinks, then all files created by WordPress get the correct 644 permissions

    The server is running php in cgi mode using suphp, and permissions should never be higher then 644 on files.

    When WordPress create the wp-config.php, why does it create it with 666 permissions?

    Is WordPress going to change this default behaviour of setting wp-config.php to 666, or will this continue to be the default when created by WordPress itself?

    I am a webhost, and when users don’t create the wp-config.php themself, they get 666 permissions on the file, and many of them will not understand they should change the permissions, so this is a problem.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Probably because this works best for most large hosts?

    Write a script to force it to 644.

    Was just going to ask the same thing. One of my sites got infected by malware and got blacklisted by google, I found the malicious code in wp-config.php and discovered that it was 666! While in the Codex they recommend 600. Turns out that wp-config.php is 666 on all the WP sites I setup, I agree that they should change the default value to 644 or 600. Just my 2 cents.



    Forum Moderator

    As far as I am aware, the permissions are set by your server – not WP.

    No, the permission set on wp-config.php when using the web browser to install WordPress, is set by WordPress to 666 no matter what the server setup is like.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Why does WordPress set 666 on wp-config.php?’ is closed to new replies.