chmod for wp-config.php

  • I just got a notice from my host telling that wp-config.php is readable and changed username and password of the mysql.
    (I attached the some of text below)

    What is the best chmod for wp-config.php?

    +++++++++++++++++++++++++
    During a routine review of security issues on our customers webhotels on our web servers, we have found that you have set the file permissions to the configuration file

    /home/1/o/mywebsite/www/blog/wp-config.php

    in a way that makes the file readable for all. This file contains the
    username and password of the mysql database of your webhotel. Configuration files that contains username and password should for security reasons not be readable for others.
    +++++++++++++++++++++++++++

Viewing 3 replies - 1 through 3 (of 3 total)

  • gosh so it is, maybe that is not so good! chmod 640 I guess

    640
    Nothing else.
    THIS ABSOLUTELY SHOULD BE EMPHASIZED IN THE INSTALL/ UPGRADE INSTRUCTIONS
    If your wp-config file has been readable to others/everyone/public/anyone (whatever your ftp program says) you should change the password of your database and edit your wp-config file accordingly – and set its permissions to 640
    Consult your host about changing the database password if you need.
    Kjetil
    dolcevita.no – which recently was hacked…

    I have to adjust this a bit. What I wrote above counts for WP installs running on a web hotel based on Linux. For eg Windows servers or if you run your own web server the permissions should be set in some other way – which I don’t know.
    Kj
    – Not hacked again, maybe also thanks to the AskApache Password Protect plugin – also here

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘chmod for wp-config.php’ is closed to new replies.