I have mine at 0400 so nobody but me can change it on a shared server at BlueHost and everything works just fine.
Due to past experience I’d prefer a second opinion. **
**Don’t want to reset permission on hundreds of files again and have 8 broken websites
**Don’t want to reset permission on hundreds of files again and have 8 broken websites
Your topic title seems specific to wp-config.php. That’s one file per site.
In the context of a shared server environment where all of your files are owned by the user account, “All files should be 644 or 640. Exception: wp-config.php should be 600 to prevent other users on the server from reading it.” If you can use lower permissions than that with no issue, then that’s perfectly fine as well.
General reference material:
Changing File Permissions > Permission Scheme for WordPress
Hardening WordPress > Securing wp-config.php
600 it is, thanks!
(in reference to the other issue — a certain person said to set chmod on all files and folders one way and i did so. Broke every site. Had to redo every file/folder on every site, most one at a time on the iPad rather than laptop)
If you ever encounter that situation again, you can set all of the files and directory permissions recursively from the command line in a console. It saves a heck of a lot of time, (usually only takes a few seconds) and sure beats one at a time.
A very generic example of what it might look for future reference if ever needed..
find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \;
You can see where one is aimed at setting all files in the path where it’s used to 644, and the other all directories to 755
In the context of a shared server environment where all of your files are owned by the user account, “All files should be 644 or 640. Exception: wp-config.php should be 600 to prevent other users on the server from reading it.”
Exactly, and the 0600 is only necessary when the *owner* wants to write to it! Plugins and such will just have to do without that luxury even if that is a bit inconvenient for me when I do have to go change it every once in a great while.
Clayton, thanks again. But I was told of the error and had to fix it fast — on my iPad. Don’t know how to go to a terminal in Apple products, just Windows. And in my FTP program for Windows I can highlight a list of files, click chmod, enter in the code, and bam. I did it yesterday for one site.
leejosepho, I’m sorry but last time I listened to you about chmod I spent about 8 hours fixing my broken sites. Spent well over two hours in the past two days fixing one I missed. I won’t take your responses seriously ever again.
leejosepho, I’m sorry but last time I listened to you about chmod I spent about 8 hours fixing my broken sites.
There must have been a misunderstanding somewhere, but I am glad you got it fixed and have someone you trust for good advice.
No misunderstanding. You posted about Bulletproof Security and listed chmod codes to use. I found the post yesterday by searching your posts from a month or less back. It not personal, you’re probably a nice guy/girl, but once burned …
