Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

WordPress Security

Posted on 2013-06-23
3
Medium Priority
?
362 Views
Last Modified: 2013-06-23
I've been having security issues with Wordpress sites on a win 2008 server.

Which files and folders need IUSR mod permissions?

Also need advice on other security measures.
Also, I'm considering moving to GoDaddy??
0
Comment
Question by:webdork
  • 2
3 Comments
 
LVL 6

Accepted Solution

by:
Vijay Pratap Singh earned 2000 total points
ID: 39270308
First of all always update wordpress version and all plugins, I suggest you to use Linux Server that will be better and Godday is a good choice now permissions :

Directories should have, at most, permissions of 755. If you have a directory that is 777 then that can be written to.

Files should be, at most, 664. If you use the WP editor, you might need these files to be 666 but you really should revert them back to 664 after making any changes. You must never ever have ANY file at permissions greater than 666 unless you are directed specifically to do so.

777
Some hosts will only allow you to upload images (using WP) if the images folder is 777. That leaves your site at a certain level of risk. Email them and check what the minimum permissions are. Despite what they first say, this is NOT a WP issue - it's a security issue.
If your host insists that 777 is the only number, start looking for another host. 755 can be done by hosts (my directories are all 755) that take security seriously.
0
 

Author Comment

by:webdork
ID: 39270318
Hey, thanks for the quick response.

I don't understand permission as well as I should. I see public, group and owner.

How can I keep the public at bay while giving WP Admin enough permission to upload images and make CMS changes?
0
 

Author Closing Comment

by:webdork
ID: 39270319
Fast and detailed. Who could ask for more?
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: kevp75
Hey folks, 'bout time for me to come around with a little tip. Thanks to IIS 7.5 Extensions and Microsoft (well... really Windows 8, and IIS 8 I guess...), we can now prime our Application Pools, when IIS starts. Now, though it would be nice t…
What You Need to Know when Searching for a Webhost Provider
The purpose of this video is to demonstrate how to exclude a particular blog category from the main blog page. This is can be used when a category already has its own tab, or you simply want certain types of posts not to show up on the main blog. …
The purpose of this video is to demonstrate how to add AdSense Ads to a WordPress Website, and how to set up WordPress to automatically place Ads in Sidebars. This will be demonstrated using a Windows 8 PC. Log into your AdSense account. : Cli…
Suggested Courses

927 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question