wp-config.php file permission

  • Resolved norsubs

    (@norsubs)


    3 months, 2 weeks ago

    Hi.

    My cPanel Security Status want to change the file permission of my wp-config.php file from Loginizer suggested 0444 to 0400.

    Should I let it? Or should I continue using 0400?

    Best regards
    NorSubs

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Contributor loginizer

    (@loginizer)

    Hello,

    We would suggest that you keep it to 0400 as that’s the most secure option. What this 0400 means is that only the users who owns that file can read it, so the server needs to run using the same user. Or you can set it to 0440 what it does is allows the owner as well as any users in the same group as the owner can read this file. Here by user I am referring to the user of the linux server, applications run on server under different users to have a control on their privileges.

    So its better to have wp-config.php have the permissions mentioned above because it contains info about the database, but if the cPanel is enforcing 0444 then you can maybe contact your hosting to find the reason why it is enforcing 0444 permission.

    Regards,
    Loginizer Team

    Thread Starter norsubs

    (@norsubs)

    Hi,

    No! cPanel is enforcing it to 0400. It is Loginizer that want it to be 0444.

    But I will keep it at 0400 even though Loginizer are suggesting to change it to 0444.

    Right?

    Thanks,
    NorSubs

    Plugin Contributor loginizer

    (@loginizer)

    Hello,

    Yes you should set it to 0400, that’s the safest.

    Regards,
    Loginizer Team

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.