[wp-forums] thread to watch

Rich Pedley elfin at elfden.co.uk
Mon Sep 13 18:13:54 UTC 2010


On 13/09/2010 18:44, Otto wrote:
> I will grant him that the wp-config is the easiest and most common way
> to inject code and to hack a WP site, but that assumes you already
> have access to the server's files, in which case you're already in.
> Renaming the wp-config would only stop automated tools, and even then
> it would be trivial for the tools to adjust.
>
> Educating him on permissions might be a better route to take.
> wp-config should be set to 440 on normal one-site setups, or 400 on
> shared hosting setups using any form of setuid handling (such as suPHP
> or similar). This will prevent most routes of automated attack from
> working.

Ok I learnt something... didn't realise it should be chmod to that!

Rich
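
The permission values Otto gives above can be checked with a small script. This is an added example, not part of the original thread; the function names and the setup labels `single` and `setuid` are assumptions made for the sketch.

```shell
#!/bin/sh
# Added example: compare wp-config.php's mode with the values from the thread.
# The setup labels "single" and "setuid" are names made up for this sketch.

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Mode recommended in the thread for each kind of setup.
expected_mode() {
    case "$1" in
        single) echo 440 ;;   # normal one-site setup
        setuid) echo 400 ;;   # shared hosting with suPHP or similar
        *) return 2 ;;
    esac
}

# check_wp_config FILE SETUP
# Returns 0 on an exact match, 1 on a mismatch, 2 on bad input.
check_wp_config() {
    file=$1
    setup=$2
    want=$(expected_mode "$setup") || { echo "unknown setup: $setup"; return 2; }
    [ -f "$file" ] || { echo "not a regular file: $file"; return 2; }
    have=$(file_mode "$file")
    if [ "$have" = "$want" ]; then
        echo "OK: $file is $have"
        return 0
    fi
    # Permission bits that are set on the file but absent from the wanted mode.
    extra=$(( 0$have & ~0$want & 0777 ))
    if [ "$extra" -ne 0 ]; then
        printf 'TOO OPEN: %s is %s, wanted %s (extra bits %03o)\n' \
            "$file" "$have" "$want" "$extra"
    else
        echo "MISMATCH: $file is $have, wanted $want"
    fi
    return 1
}

# Stand-alone use: sh check.sh /path/to/wp-config.php single
if [ "$#" -eq 2 ]; then
    check_wp_config "$1" "$2"
fi
```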

