Web Development Thread, Wordpress: Is This Safe? in Coding and Web Development; I'm poking around my shiny new Wordpress 3.0 install while wiating for web hosting support to get back to me. ...
23rd July 2010, 11:49 AM #1
Wordpress: Is This Safe?
I'm poking around my shiny new Wordpress 3.0 install while wiating for web hosting support to get back to me. I've got issues with the uploads folder not working again and I'm not setting permissions on anything to 777! So I had a brainwave and I'm wondering if this will be safe:
wp-content/uploads folder set to 766 (so Group and World can Read/Write and not Execute)
.htaccess restricting uploads to JPG, PNG, GIF and denying PHP, HTML, HTM, SHTML, PL, JS
Is that safe? I don't want people to randomly add files as happened to me before and a hacker's phising page got my last hosting account shut down a few years back. Not sure what I'd do for themes though?
Also no Shell access.
23rd July 2010, 12:22 PM #2
The execute permission on directories is equivalent to the "list folder contents" permission in Windows, so you'll be wanting that one for your httpd user. You also won't be able to control the permission set on files that uploaded through Wordpress on the fly, you'll have to go over them later.
23rd July 2010, 12:48 PM #3
755 will usually make wordpress happy for the uploads directory. You only need the user that apache and php are running as to have access to the folder.
23rd July 2010, 03:02 PM #4
Who's your host? A lot of hosts come with suPHP installed these days, which basically means that scripts are run as the owner of the file, so you don't actually need to change any permissions at all. Much better than leaving your files open to writing. Of course, if your host doesn't have suPHP enabled, then you'll have to stick to CHMODing, sadly.
By Zaphod in forum Web Development
Last Post: 15th May 2010, 10:53 AM
By cooper in forum Web Development
Last Post: 5th August 2009, 04:06 PM
By CAM in forum Web Development
Last Post: 15th May 2009, 06:36 PM
By GrumbleDook in forum Virtual Learning Platforms
Last Post: 3rd May 2009, 09:23 PM
By mark in forum Web Development
Last Post: 1st May 2007, 05:09 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)