I’ve read articles about protecting wp-config.php using .htaccess as well as setting the correct file permissions but I want it all in one place. What should my .htaccess file look like and what folders is it safe to have 777 vs 755 permissions?
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
Hardening WordPress on the WordPress Codex is a very good article on how to secure your WordPress blog, which goes into quite some detail on file permissions, as well as some other methods of securing WP.
Method 2
Generally, it’s never a good idea to have 777 set on anything. Read the links Thomas provided for more detail, but as a general rule 755 for folders and 644 for files is a good practice.
Method 3
http://httpd.apache.org/docs/2.2/howto/htaccess.html
I am not an expert on this, but I hear that there is no need for .htaccess if you are using newer versions of Apache (IIS had this feature for quite some time.) You can disable directory browsing in your Apache config. It is the Indexes option in the Options directive of the Directory directive.
http://httpd.apache.org/docs/2.2/mod/core.html#options
I don’t know if 777 is required by any. 755 is probably safe for content folders.
Method 4
There are 3 type of users in apache, or almost any webserver
users, groups, other
add user give him right permissions add him in webserver write permissioned group
give him owner ship of web root ,
also see these to links
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0