777 permissions in cache

  • Resolved geomouchet

    (@geomouchet)


    4 years, 6 months ago

    Your plugin seems to create files in cache that have 777 permissions. Is there any way to make this more secure, such as 775?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter geomouchet

    (@geomouchet)

    Some additional information: I switched to your plugin after getting hacked through a different caching plugin that created cached pages with 666 permission. Hackers were able to insert links into cached pages. According to WordPress, “No directories should ever be given 777, even upload directories. Since the php process is running as the owner of the files, it gets the owners permissions and can write to even a 755 directory.”
    (see https://www.ads-software.com/support/article/changing-file-permissions/)

    My host says, “Permissions like 755 or 775 are sufficient for all applications as our servers are configured to run scripts as your own username (not as the web server), so you never need to give world-writable rights to your files and directories.”

    Plugin Contributor Marko Vasiljevic

    (@vmarko)

    Hello @geomouchet

    Thank you for your inquiry and I am happy to assist you with this.
    W3 Total Cache creates a cache folder and the files within. However, W3 Total Cache does not set the permissions. I.E. the created files and folders will have permission that was set globally on your server.
    For example, if you’ve set the permissions on your server for files 644 and for folders 755, those permissions will be set to the files/folders created by W3TC.
    To conclude, you should set the global permissions on your server for folders 755 and for files 644.
    Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘777 permissions in cache’ is closed to new replies.