chmod 777

Because the files and directories are “world writable”. That means anybody that can gain access to them can do pretty much whatever they want. Threats aren’t limited to someone simply having your password.

can you show me how? or can you write what steps do hackers do to gain the access to the files, edit them… etc…?

You’re making me smile this morning. ??

If what you are concerned with is your own WordPress site security, this is a great place to start: https://codex.www.ads-software.com/Hardening_WordPress

If you are already managing your own server and need to ask these questions here, you may want to seek out some information on basic server configuration and security issues.

If you are operating a WordPress website(s) in a shared hosting environment, then you should have a conversation with your hosts support group about safe/allowed file and directory permissions for their environment. Incorrectly configured permissions in shared environments are likely to be at pretty high risk for compromise.

Spend a few minutes with Google, and you will find an unlimited wealth of information and opinion on server security issues, best practices, and the pros and cons of different permissions schemes that apply not only to WordPress, but to any web based application.

Thanks for your answer!
I searched in Google for chmod 777 and I after reading some articles you can realize that setting such permission to whole var/www directory will make your site hacked the same day! ??
It this very funny for people that does not realize what a real security risk is… like using a timthumb old script, or a old theme like canvas.

Or I’m not right?

It’s certainly possible. Often times, your host will have the best suggestion for what your file and folder permissions should be, but like you say.. you should also be careful to make sure that plugins and themes come from safe and reliable sources, and that you are always using the newest versions. Keeping updated is very important.