[wp-trac] [WordPress Trac] #60718: Awareness of permission after updating cores, themes and plugins
WordPress Trac
noreply at wordpress.org
Thu Mar 7 04:41:04 UTC 2024
#60718: Awareness of permission after updating cores, themes and plugins
-------------------------------------------------+-------------------------
Reporter: Girishpanchal | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting
| Review
Component: Security | Version: trunk
Severity: normal | Keywords: needs-patch
Focuses: accessibility, performance, privacy |
-------------------------------------------------+-------------------------
This is the major security concern now a day when people install/update
plugins or themes on DEV/STAG/PROD after changing respective directory
permission from **755** (7=rwx 5=r-x 5=r-x) to **777** (7=rwx 7=rwx 7=rwx)
Once installation/updation is complete, people forget to restore directory
permission, and due to this, hackers might inject scripts into those
directories.
To prevent this, we have to check directories and file permissions for it
and give the notice on top of the admin section.
It will help to reduce security threats.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60718>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list