Securing your WordPress installation


Found this nice article on securing your WordPress installation: http://codex.wordpress.org/Hardening_WordPress.

The chmod command is used to change the permissions of files and directories.  It should be noted that directories and files need different types of permissions.  For instance, directories need the x (execute) permission so that they can be entered and the files inside them accessed, and hence for your WordPress to run.

For the most secure installation, make your permissions very restrictive and open them up as necessary.

In general, you should be the owner of your files and directories and be able to read, write and execute, rwx or 7.  The group assigned to the files and folders should be the group that is running the Apache web service.  For the default CentOS installation, this group is apache.  For the group chmod setting, directories should be set to r-x (5) and files should be r-- (4).  To get all the functionality out of WordPress, you may have to loosen that a bit, but it is a good starting point.  See the article mentioned above for more information.

OK, so here comes the tricky part.  How do you get directories to be one type of permission and files to be another type of permission?  The -R option for chmod will apply the setting to all files and folders recursively, and this is not exactly what we want.  So we need to do this in multiple steps.

  1. cd (change directory) to the directory where WordPress is installed.
  2. Use the chmod command with the -R recursive flag to change all directories and files to a value of 750.  This gives the owner, you, full permissions; it gives the group, apache, read and execute permissions (note, we will remove the execute on files in the next step); and it gives no permissions to anyone else.
    • chmod -R 750 wordpress
  3. Next we use a little gem of code I found on the net to change all the files ONLY to a new chmod value.
    • find . -type f -exec chmod 640 {} \;
    • This finds all the files starting in the current directory and executes chmod 640 on them.
  4. There you have it.  Now we have 750 protection on directories and 640 on files.  The next step would be to set permissions on individual files on a case-by-case basis to support additional WordPress functionality.  Note, you should always turn the permissions back when you are done using the functionality.
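
The steps above as one script, added here as an example (not code from the original post or the Codex article). The function names harden_tree and audit_tree and the optional group argument are assumptions; it sets directories and files directly with find instead of chmod -R followed by a correction, and audit_tree lists anything that has drifted from 750/640 after you loosened a file and forgot to turn it back.

```sh
#!/bin/sh
# Added example: apply the 750 (directories) / 640 (files) baseline to one
# tree and audit it later. Function names are hypothetical.

# harden_tree DIR [GROUP]
#   Sets every directory under DIR to 750 and every regular file to 640.
#   If GROUP is given (e.g. apache on a default CentOS install), the tree's
#   group is changed to it first; that step normally needs root.
harden_tree() {
    dir=$1
    group=$2
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    if [ -n "$group" ]; then
        chgrp -R "$group" "$dir" || return 1
    fi
    # Directories first so the tree stays traversable while files are changed.
    find "$dir" -type d -exec chmod 750 {} + || return 1
    # Regular files only: symlinks and directories are left alone.
    find "$dir" -type f -exec chmod 640 {} + || return 1
}

# audit_tree DIR
#   Prints each directory whose mode is not exactly 750 and each regular
#   file whose mode is not exactly 640. Returns 0 if nothing deviates,
#   1 otherwise, so it can be used from cron or a deployment check.
audit_tree() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    bad=$(find "$dir" \( -type d ! -perm 750 \) -o \( -type f ! -perm 640 \))
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Typical use, from the directory that contains the wordpress folder:
#   harden_tree wordpress apache
#   audit_tree wordpress
```

Passing the directory explicitly keeps the change confined to the WordPress tree, whatever the current directory contains.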