2 Comments

  1. Max

    My security nightmare is the ongoing need that many plugins have to lower the security of your folders, WP Cache is one that comes to mind. Do I CHmod the folder, all folders in that folder, all files in all folders? Should I change it to 777, 775, 755, or many of the other possibilities? Can I make them secure again once the plugin is installed? And many more questions that are so often not addressed by the plugin creator. So you see my nightmares are more about worrying and being unsure of what is the right thing to do.

    I’d love to hear more about the .htaccess blocking of folder indexes that you mentioned. This is to be one of the biggest flaws with WordPress as comes out of the box. I have never seen this addressed (is it in the Codex?) and have instead put redirect indexes in many of my folders. Can you please share the specifics of the other security mesaures that you take?


  2. @Max – I know there is this page on the Codex which explains what the permission scheme is for WordPress.

    http://codex.wordpress.org/Changing_File_Permissions

    Hmm, I suppose I can whip up a post that explains what I do although it’s not much. Regarding the Codex, I couldn’t find an article strictly for that subject but maybe i’ll add it in on the Hardening WordPress page.

Comments are closed.