Check your web host file permissions first!

| November 23, 2010 | Leave a Comment

WordPress security issues come and go, and while some stay because it’s tough to get the crud out, other times it’s because site owners overlook an important part of keeping their hosts protected: file permissions.

A properly configured web server will not allow users to access the files of another user, regardless of file permissions. The web server is the responsibility of the hosting provider. The methods for doing this (suexec, et al) have been around for 5+ years.

Matt Mullenweg warns against web hosts and other security announcements that place the blame on the WordPress software without first checking if proper file permissions are in place.

Devlounge has an old but still applicable article on protecting your wp-config.php files, for starters. This article on WP Tavern also tackles the issue above and shares more file permission advice especially on shared hosting accounts.

Related Posts

Tags: , , , , , , , , , ,

Leave a Reply