[wp-hackers] Backup plugin and writability

Kimmo Suominen kimmo+key+wordpress.c4f53f at suominen.com
Mon Jan 9 00:06:33 GMT 2006

On Sun, Jan 08, 2006 at 10:31:24PM +0000, David House wrote:
> Okay, so chown them to your apache and set some insane permissions
> like 600. You can't ask for more than that: WordPress _has_ to be able
> to write to the dirs for things like the cache and image uploading to
> work, there's no getting around that. Incidentally though, things in
> wp-content and .htaccess are the only things that need to be
> server-writeable.

Yes, but it would be better if directories that contain code would not
be writable.  This would go a long way in preventing attacks that try
to deface the site or run unauthorized code by replacing existing code
or adding external code.

For example, if wp-content is writable, malicious code could rename
the plugins or themes directories and insert its own code.

If wp-content and the plugins and themes directories are write protected
this cannot be done.  The downside is that you cannot upload plugins or
themes using the web interface, but you can still do it through FTP or
shell access or however you got the WP files in place to begin with.

The first thing I've run into so far that insists on wp-content being
writable is the backup plugin.  I don't see why it couldn't just use
a subdirectory like the object cache does.

If a wp-content/backup directory was used as the base directory for the
plugin (instead of wp-content), users could opt to create it manually
and make it writable by the web server.  Since files in the directory
are not executed as code or otherwise displayed on the site, it is not
quite so bad that it is writable.  The backup-XXX directories still
preserve the same security-by-obscurity as before, provided the base
directory cannot be listed (which is best achieved through proper web
server configuration).

Fortunately it is easy to modify the base directory in the plugin, so
there is no reason to lose the excellent value it adds.  I just think
this is one default value well worth reconsidering.

+ Kimmo
Kimmo Suominen <http://kimmo.suominen.com/>
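As an added example, not code from this message, from WordPress or from the backup plugin, the following POSIX shell script lays out a WordPress tree the way the message proposes: every directory that holds code stays read-only for the web server, and only a dedicated wp-content/backup directory is server-writable. The function names, the `--demo` flag, the web server group `www-data` and the constructed placeholder files are all my assumptions; the script also assumes the files are owned by a deploy account distinct from the web server user, and that directory listing for wp-content/backup is disabled in the web server configuration (for Apache, `Options -Indexes`).

```shell
#!/bin/sh
# Added example, not code from the post or from the backup plugin.
# Lays out a WordPress tree the way the message proposes: every directory
# that holds code stays read-only for the web server, and only a dedicated
# wp-content/backup directory is server-writable.
# Assumptions (mine, not the post's): files are owned by a deploy account,
# the web server runs as a different user that belongs to group $WEB_GROUP,
# and directory listing for wp-content/backup is disabled in the web server
# configuration (e.g. "Options -Indexes" for Apache).
set -eu

WEB_GROUP="${WEB_GROUP:-www-data}"   # assumed web server group; adjust locally

# Build a small constructed tree under $1 so the script can be tried offline.
wp_make_tree() {
    root="$1"
    mkdir -p "$root/wp-content/plugins" "$root/wp-content/themes" \
             "$root/wp-content/backup"
    printf '<?php // constructed placeholder plugin\n' \
        > "$root/wp-content/plugins/hello.php"
    printf 'constructed placeholder\n' > "$root/wp-content/backup/.keep"
}

# Apply the policy: code-bearing paths 755/644 (no group/other write bit),
# backup directory group-writable and setgid so new dumps inherit the group.
wp_apply_policy() {
    root="$1"
    backup="$root/wp-content/backup"
    find "$root" \( -path "$backup" -prune \) -o -type d -exec chmod 755 {} +
    find "$root" \( -path "$backup" -prune \) -o -type f -exec chmod 644 {} +
    # chgrp usually needs privileges or group membership; best effort here.
    chgrp "$WEB_GROUP" "$backup" 2>/dev/null || true
    chmod 2770 "$backup"
}

# Audit: return 0 only if nothing outside the backup directory is writable
# by group or others, and the backup directory itself is group-writable.
wp_audit() {
    root="$1"
    backup="$root/wp-content/backup"
    status=0
    writable=$(find "$root" \( -path "$backup" -prune \) -o \
               \( -perm -020 -o -perm -002 \) -print)
    if [ -n "$writable" ]; then
        printf 'server-writable code path:\n%s\n' "$writable"
        status=1
    fi
    if [ -z "$(find "$backup" -prune -perm -020 -print)" ]; then
        printf 'backup directory is not group-writable: %s\n' "$backup"
        status=1
    fi
    return "$status"
}

# Usage: sh wp-perms.sh --demo   (builds a throwaway tree, applies, audits)
if [ "${1:-}" = "--demo" ]; then
    demo=$(mktemp -d)
    wp_make_tree "$demo"
    wp_apply_policy "$demo"
    if wp_audit "$demo"; then
        echo "audit passed for $demo"
    else
        echo "audit found problems in $demo"
    fi
    rm -rf "$demo"
fi
```

Run the audit function against a real install (after adjusting `WEB_GROUP`) to catch the situation the message warns about: any plugin, theme or core path that the web server could rewrite shows up as a finding, while the backup subdirectory is checked separately so the plugin can still write there. The setgid bit on the backup directory keeps newly written dumps in the web server group without making the parent wp-content writable.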
