[wp-forums] Question about permissions

Wed Oct 4 17:27:05 GMT 2006

I had a quick question that I think you all can help me with.

I've got someone who's needed assistance with Wordpress (not an 
Install4Free client - this is just a colleague who's never used it 
before, and I'm sort of "teaching" her how to use it for her site).  She 
was asking me about the images upload thing - where you write a post and 
you can upload and image and then stick it in the post.

Of course, the first time she goes to upload something, she gets that 
error message about not getting access to the folder, which means her 
permissions are not set correctly on the wp-contents folder.  The thing 
is, it's set at 755 - which hasn't been a problem for editing files 
through the damin panel.  The only way she can upload images is to set 
the wp-content folder at 777 - which I've told her is a major security 
risk to change it to that and leave it.

I've told her she can either FTP the images in, or she can contact her 
host and have them change a setting so the "755" (or 746 - which is also 
working for files) would be "good enough" to let Wordpress create the 
folder and allow file uploads.

She has decided to contact the host, because in her mind, when she gets 
clients and wants to utilize Wordpress for them, they won't have a clue 
as to how to FTP and call in the images with HTML - they just want to 
upload and go.

Now, I'm not very good at explaining things - maybe it's because I odn't 
own my own server and know the jargon.  But can the web host "change a 
setting" so that the 755 permission is good enough to allow the image 
upload to happen?  And the host has some setting *now* that means it 
*has* to be set at 777 - but the host can change that, right?

I hope I'm making sense.

It's really hard because, like I said, I don't know the jargon, and she 
has *no clue* as to what's going on at all and she's trying to take my 
ill-formed words and explain to the host what they need to do - so of 
course *they* are confused.  They're telling her to just change the 
permissions on the folder to 777 and the problem is solved.

Anyway, is there something I can say that she can just pass directly to 
the host so they know what I'm talking about?  That they just need ot 
change whatever setting it is to make the permissions a little bit 
stricter but still allow Wordpress to do what it needs to do, without 
opening the whole thing up for a hacker buffet?  (That *is* right, 
right?  They *can* do this, - if I'm wrong, please tell me, because it's 
been my impression that they can!)

I just don't know how to *say* it so that it can happen.

I'd appreciate anything you can tell me about this!

~Shelly