Check Your Wordpress Config Permissions - How to Show Which Permissions a File Has in Linux
A security incident at Network Solutions caused hundreds of WordPress blogs to be hacked this week. While we are running a more secure server setup here at Sustainable Websites, it's still important for our customers to ensure that you have the most secure file permissions set correctly.
This principle applies to many PHP based web scripts, such as Joomla, and Drupal, too. Make sure to read the installation instructions, or check bulletin boards, for the latest advice on which permission to set files on the software you have installed on your web hosting account.
File permissions in linux are a big topic worth reading more about but basically, you want to limit who can read the file to as few people as possible. File permissions in linux can be displayed by using the ls -la command. I'm a big fan of using ls -latrh, which will list all files with the newest at the bottom and the file sizes in human readable format. However, it does not list the permissions in numeric (octal) format, but you need to know the correct numeric format to use the chmod (change permissions) command
This article describes how to better view file permissions in the command line via an ssh connection. If you're more comfortable using cPanel's file manager, it already shows the permissions in numeric (octal) format.
Use the stat command to list the file's permissions. You can either list all files in the directory with the wildcard character *, or just put in wp-config.php at the end to check the WordPress configuration file.
%A Access rights in human readable form
%a Access rights in octal
%n File name
$ stat -c '%A %a %n' *
...lists all files...
$ stat -c '%A %a %n' wp-config.php
-rw-r----- 640 wp-config.php
Check on the website of your software vendor/community forums, or contact technical support if you are a customer and have more questions about which file permissions settings you should be using.
Category: Knowledgebase
Created on: April 13th, 2010
