file permissions

Fix this first before you start a-wondering ?? i just fixed a three-day old problem – see “can’t connect database” in installation forum – YES! I won’t do an iron man but get a sandwich and maybe when i return to take a peek you will be all set!

I contacted my host, https://www.webstrikesolutions.com and this was their response:
“Your chmod permissions were not recursive, so the individual themes and files did not havce correct 777 permissions. I have made all files and directories under themes chmod 777 now.”
I’m not sure why my changes to 777 did not work and theirs did work — but everything is fine now.

Just a follow-up on the reason my settings weren’t working, and the web host’s were:
You had set the permissions correctly on the initial folder, however I don’t believe that setting the permissions on a folder in Filezilla will allow you to set the permissions for the files and folders BENEATH it (i.e. they will not inherit the permissions you set).

You could try using a different FTP program, such as SmartFTP, which may allow you to set permissions recursively.

Hope the sandwich was good.

ok!

btw – cpanel gives the option of setting just the folder and/or folders within. i looked up smartFTP but could not tell if it works on mac platform. i am using captain FTP – nice mac exclusive client though i did not look to see if it is recursive…

i don’t know why the host gets things done sometimes that i can’t. that’s why one keeps good a relationship with host.

had something a bit healthier than sandwich – i was informed ribs/calamari/risotto leftovers tonight. don’t fret, i burn it off…

Oh my God – are you serious? You host has set *all* of your folder permissions in your wordpress installation to 777?

Holy crap. Time to get a new host. If your site isn’t hacked (and the host’s server isn’t compromised) within a month, I’ll be shocked.

That is a MAJOR security risk. You should *never* leave yourself wide open like that – and if your host did that for you, then they have absolutely no idea what they’re doing. (and when someone compromises the server because of these decisions, I’ll bet you $20 they’ll come back and say it’s WordPress’ fault.)

I’m getting queasy just thinking that there is a host out there that will purposely do this. Agh. How *horrible*.

Get a new host.

Yep! Nothing is more important to your site than its security. Anything that tries to compromise it you need to get rid of, including the host…

isn’t true that it is necessary to go 777, like for the uploads folder for the initial upload? but once wp makes the initial connection you can (sounds like must!) go back to default settings? is default the best practice settings?

speaking of hacking – where/how does one get in? are we saying that because wp sits in public_html everything is viewable = the need for the correct permissions?

i have been reading that important files should not even be inside the html_public folder, like a mysql_connect.php file.

Yes, the uploads folder initially has to go to 777. Then you upload one image, and change the permissions back to the default (usually 755). WordPress will still have access to the uploads folder – it only needs permission once and then it always ahas it.

True, important stuff can be housed outside of public_html. But some hosts won’t allow you to do that. And then you have to do more finagling to get things to work. But the way WordPress is set up, it’s still safe to do it how it is now, as long as your permissions are sett appropriately.

Setting 777 give *anyone* access to your site. All they have to do is find the password to get in (some of them don’t even need that). Once they’re in, if everything is set at 777, they can do major damage, get info on the server and then compromise the entire server – take down many sites in one swoop rather than doing it one at a time.

How they get in? I don’t know – I’m not a hacker. I *do* know that, to protect yourself, 777 is NOT a good thing to keep your filesystem at. If this host is telling *this* guy to do that, imagine what all the other people in his server are doing? Everyone could be open. That server is way too insecure for anything – he needs a new host who knows what they’re doing.