Permissions for Running Outside of WP Directory

  • Hi all – Quick question about permissions/security. I have implemented the technique to post WP articles on a home page outside of the WP directory mentioned here and detailed at:

    https://www.transycan.net/blogtest/2005/07/05/integrate/

    I found in another post that the person had to set the permissions of the ‘wp-config.php’ file to 644 to get it to work. I also found this out on my own (after struggling – I should have just searched here).

    Anyway, my concern is about the security of this. It appears from some initial testing that the config file is not actually readable (at least going straight to it) in the browser. The reply was that 644 is okay, but I found others that say the default 600 is recommended.

    I wanted to get your expert opinions about this to avoid any possible malicious stuff.

Viewing 3 replies - 1 through 3 (of 3 total)

  • As far as I know 644 is the default and never heard about any WP blog that has been hacked through the config file. (I never had to change any permissions on the config file: on any decent host 644 is the default for uploaded files.)

    Thread Starter teflonhobo

    (@teflonhobo)

    @moshu – I’d hoped and thought that was the case. Thanks for the help and clarification.

    Even if you “download” the wp-config.php via HTTP, you will get an empty file, as inside this file, there is nothing but some definitions. When parsed by PHP, only echoed/printed output from inside <?php ?> sections arrives at the user.

    It’s more critical if others have FTP access to your web space, or if PHP safe mode and/or open_basedir aren’t properly configured and others can include() your files.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Permissions for Running Outside of WP Directory’ is closed to new replies.