file permissions for wp-config.php

  • I want to make sure that I am not opening up a security hole or allowing anyone to see my database password. I currently have permissions on wp-config.php set to 644. Is this OK?

Viewing 5 replies - 1 through 5 (of 5 total)

  • try to type in your browser’s addres line:
    yourdomain.com/blog/wp-config.php – or wherever it is ??

    what about other users on a shared hosting scenario? This file should be owned by “apache” user and chmod’d 600

    This file should be owned by “apache” user

    How would that help in a shared hosting environment? Wouldn’t it open up the possibility of someone reading in the file’s contents using PHP, for example?

    something ending in 0 is the preferred permissions.
    The problem is that IF the file is world writable/readable _AND_ there’s no open_basedir restriction for the PHP installation on the server.. they could potentially include( ‘/var/www/someotheruser/public_html/wp-config.php’ ) and echo the DB password.

    If you cant do that.. 644 is the next best thing.

    Hey there… just curious what the final decision was on this? I know that 644 was the second best… but what are you saying was the first best setting: 600?

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘file permissions for wp-config.php’ is closed to new replies.