Solved

WordPress Security

Posted on 2013-06-23
3
343 Views
Last Modified: 2013-06-23
I've been having security issues with Wordpress sites on a win 2008 server.

Which files and folders need IUSR mod permissions?

Also need advice on other security measures.
Also, I'm considering moving to GoDaddy??
0
Comment
Question by:webdork
  • 2
3 Comments
 
LVL 6

Accepted Solution

by:
Vijay Pratap Singh earned 500 total points
ID: 39270308
First of all always update wordpress version and all plugins, I suggest you to use Linux Server that will be better and Godday is a good choice now permissions :

Directories should have, at most, permissions of 755. If you have a directory that is 777 then that can be written to.

Files should be, at most, 664. If you use the WP editor, you might need these files to be 666 but you really should revert them back to 664 after making any changes. You must never ever have ANY file at permissions greater than 666 unless you are directed specifically to do so.

777
Some hosts will only allow you to upload images (using WP) if the images folder is 777. That leaves your site at a certain level of risk. Email them and check what the minimum permissions are. Despite what they first say, this is NOT a WP issue - it's a security issue.
If your host insists that 777 is the only number, start looking for another host. 755 can be done by hosts (my directories are all 755) that take security seriously.
0
 

Author Comment

by:webdork
ID: 39270318
Hey, thanks for the quick response.

I don't understand permission as well as I should. I see public, group and owner.

How can I keep the public at bay while giving WP Admin enough permission to upload images and make CMS changes?
0
 

Author Closing Comment

by:webdork
ID: 39270319
Fast and detailed. Who could ask for more?
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Transferring a wordpress site from a host or local dev server to another host can be a pain. So I've included my steps on how I have accomplished this task. Steps include an assumption that you have Cpanel access or Ftp access.. If you do not hav…
Most ColdFusion developers get confused between the CFSet, Duplicate, and Structcopy methods of copying a Structure, especially which one to use when. This Article will explain the differences in the approaches with examples; therefore, after readin…
The purpose of this video is to demonstrate how to create a Printer Friendly PDF on a WordPress Page. This will be demonstrated using a Windows 8 PC. Tools Used are Photoshop, Awesome Screenshot” Google Chrome Extension, and SmallPDF.com Log…
This video teaches users how to migrate an existing Wordpress website to a new domain.

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question