wordpress permissions

Hi guys,

I recently started a wordpress blog. Now by default various wordpress directories and files like .htaccess on my hosting account have 644 permission and hence the server is unable to make changes to it. Of course I can change the permission to 666 and change it back to 644 after the server has written to it, but just want to know what is the general practice? do people just change it to 666 and leave it like that or does it have a security issue?

thanks

jack

 

Ultimately it depends on the setup of your hosting environment, but I would certainly change it back to 644 to be safe. 666 potentially means that any user on that server could change the contents of that file.

 

yes, thats what i thougt, afterall its a shared server! but since i am new to wordpress and like to experiment alot so its kind of annoying to change it every time i have to make some modifications.

thanks for the reply tflight

 

There is another way some hosts handle this. The host could setup a new group and put in the group your user account and the user that the http server runs as (commonly www or similar). Then you can set the permissions on the file to 664 meaning that the owner and anyone else in the same group can read and write to the file, but nobody else can. This prevents "everyone" from having write access to the file while still allowing the http process to write to the file when it needs to.

Most hosts don't do this, however I've seen some that will set this up upon request. Not many... but some.

 

hmm.. let me check my host's forum/ maybe i would find something similar there, if not then would post for request.

thanks again