Solved

WordPress Security

Posted on 2013-06-23
3
350 Views
Last Modified: 2013-06-23
I've been having security issues with Wordpress sites on a win 2008 server.

Which files and folders need IUSR mod permissions?

Also need advice on other security measures.
Also, I'm considering moving to GoDaddy??
0
Comment
Question by:webdork
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 6

Accepted Solution

by:
Vijay Pratap Singh earned 500 total points
ID: 39270308
First of all always update wordpress version and all plugins, I suggest you to use Linux Server that will be better and Godday is a good choice now permissions :

Directories should have, at most, permissions of 755. If you have a directory that is 777 then that can be written to.

Files should be, at most, 664. If you use the WP editor, you might need these files to be 666 but you really should revert them back to 664 after making any changes. You must never ever have ANY file at permissions greater than 666 unless you are directed specifically to do so.

777
Some hosts will only allow you to upload images (using WP) if the images folder is 777. That leaves your site at a certain level of risk. Email them and check what the minimum permissions are. Despite what they first say, this is NOT a WP issue - it's a security issue.
If your host insists that 777 is the only number, start looking for another host. 755 can be done by hosts (my directories are all 755) that take security seriously.
0
 

Author Comment

by:webdork
ID: 39270318
Hey, thanks for the quick response.

I don't understand permission as well as I should. I see public, group and owner.

How can I keep the public at bay while giving WP Admin enough permission to upload images and make CMS changes?
0
 

Author Closing Comment

by:webdork
ID: 39270319
Fast and detailed. Who could ask for more?
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and pr…
The purpose of this video is to demonstrate how to set up the permalinks on a WordPress Website. This will be demonstrated using a Windows 8 PC. Go to your WordPress login page. This will look like the following: mywebsite.com/wp-login.php : Go t…
The is a quite short video tutorial. In this video, I'm going to show you how to create self-host WordPress blog with free hosting service.
Suggested Courses

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question