  1. #1
    CAM

    Wordpress: Is This Safe?

    I'm poking around my shiny new Wordpress 3.0 install while waiting for web hosting support to get back to me. I've got issues with the uploads folder not working again and I'm not setting permissions on anything to 777! So I had a brainwave and I'm wondering if this will be safe:

    wp-content/uploads folder set to 766 (so Group and World can Read/Write and not Execute)
    .htaccess restricting uploads to JPG, PNG, GIF and denying PHP, HTML, HTM, SHTML, PL, JS

    Is that safe? I don't want people to randomly add files as happened to me before and a hacker's phishing page got my last hosting account shut down a few years back. Not sure what I'd do for themes though?

    Also no Shell access.

  2. #2

    powdarrmonkey
    The execute permission on directories is equivalent to the "list folder contents" permission in Windows, so you'll be wanting that one for your httpd user. You also won't be able to control the permission set on files that are uploaded through Wordpress on the fly, you'll have to go over them later.

  3. #3
    p858snake
    755 will usually make wordpress happy for the uploads directory. You only need the user that apache and php are running as to have access to the folder.

  4. #4
    Cue
    Who's your host? A lot of hosts come with suPHP installed these days, which basically means that scripts are run as the owner of the file, so you don't actually need to change any permissions at all. Much better than leaving your files open to writing. Of course, if your host doesn't have suPHP enabled, then you'll have to stick to CHMODing, sadly.
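
Added example, not part of any post in this thread: a Python audit of an uploads tree that flags the conditions discussed above, namely a directory mode such as 766 that grants read/write without the search (x) bit, world-writable entries, and files with the extensions the first post wants denied. The function names and the `DENIED_EXT` constant are assumptions of this sketch.

```python
import os
import stat

# Extensions the first post proposes denying via .htaccess.
DENIED_EXT = {".php", ".html", ".htm", ".shtml", ".pl", ".js"}


def check_dir(mode):
    """Return findings for a directory's permission bits."""
    findings = []
    if mode & stat.S_IWOTH:
        findings.append("world-writable directory")
    for who, rw, x in (("group", stat.S_IRGRP | stat.S_IWGRP, stat.S_IXGRP),
                       ("other", stat.S_IROTH | stat.S_IWOTH, stat.S_IXOTH)):
        # Without x (search), r only lists names and w cannot create or
        # delete entries, so a mode like 766 grants less than it appears to.
        if mode & rw and not mode & x:
            findings.append(f"{who} has r/w but no search (x) bit")
    return findings


def check_file(name, mode):
    """Return findings for one file in the uploads tree."""
    findings = []
    if os.path.splitext(name)[1].lower() in DENIED_EXT:
        findings.append("denied extension")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or other")
    if mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        findings.append("execute bit set on uploaded file")
    return findings


def audit_uploads(root):
    """Walk root and return a sorted list of (relative path, finding)."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        mode = stat.S_IMODE(os.lstat(dirpath).st_mode)
        results += [(os.path.relpath(dirpath, root), f) for f in check_dir(mode)]
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # a symlink's own mode bits are not meaningful
            fmode = stat.S_IMODE(os.lstat(path).st_mode)
            results += [(os.path.relpath(path, root), f)
                        for f in check_file(name, fmode)]
    return sorted(results)
```

The check only reads mode bits, so it can be run by the account that owns the files; it does not test what the web server user can actually reach.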
