What permissions to put files and folders in WordPress

[Image: chmod, from the Bit and Byte comic strips]

The more popular WordPress becomes, and the more high-traffic and influential sites use it, the more it becomes a target for hackers and other riff-raff.

That is why you need to be clear about a few things and secure WordPress as well as possible.

One of the most important elements when it comes to securing any website is the (UNIX) permissions of files and folders, and the base rule in WordPress is the following:

  • 644 for files
  • 755 for folders

You'll see that in most cases you don't need to change these permissions, because either your hosting server or WordPress itself already sets them correctly, but that is not always the case.

So it's good to check your installation's permissions and follow the basic rule above. If, after changing the permissions, some plugin or feature gives you problems, you can change the permissions of the specific folder or file it needs, but always be aware that you are leaving a possible security hole.

Examples: the "cache" folders where themes store thumbnails and some plugins store temporary files, which often (almost always) need permissions 666 or 777 (world-writable), or plugins with a configuration file that also requires special permissions.

In these cases, weigh the decision carefully, because sometimes it is better to switch to a plugin that does the same without that "peculiarity" than to leave a possible entry point for an attacker.

If you want to review the file permissions, some options are these:

  • The file manager of your hosting control panel, where you can browse folders; there is always a link or button to change the permissions of a folder or file.
  • An FTP client such as FileZilla or Transmit, where right-clicking on any file or folder lets you change its permissions, or open its information window and change them there.
  • An FTP plugin for WordPress, a "pluginized" version of an FTP client like, for example, Filepress, where you will also find this option.
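If you also have SSH access to the server, the same check can be scripted. The following is an added example and not code from the original post or from WordPress: a POSIX shell helper that audits a WordPress tree against the 644/755 rule, lists world-writable entries (the 666/777 cache folders mentioned above), and normalizes permissions. The function names and the `/var/www/html` path are assumptions.

```shell
#!/bin/sh
# Hypothetical helper (not from ayudawp.com or WordPress) to audit and
# normalize WordPress permissions: 644 for files, 755 for directories.
# Usage:
#   wp_perm_audit /var/www/html            # report deviations only
#   wp_perm_world_writable /var/www/html   # the risky 666/777 entries
#   wp_perm_fix /var/www/html              # apply 644/755 everywhere

# Print every path whose mode deviates from the 644/755 rule.
# "-perm 644" with no leading "-" means an exact mode match.
wp_perm_audit() {
    dir=$1
    find "$dir" -type f ! -perm 644 | sed 's/^/FILE /'
    find "$dir" -type d ! -perm 755 | sed 's/^/DIR  /'
}

# World-writable files and directories (mode has the o+w bit set):
# these are the ones a plugin's cache folder or config file usually asks for.
wp_perm_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -002
}

# Number of deviating entries; handy for a cron job that alerts when non-zero.
wp_perm_count() {
    wp_perm_audit "$1" | wc -l | tr -d ' '
}

# Apply the base rule. Directories first so files inside remain reachable.
# If a plugin later breaks, loosen only the specific path it needs and
# re-run wp_perm_world_writable so the exception stays visible.
wp_perm_fix() {
    dir=$1
    find "$dir" -type d -exec chmod 755 {} +
    find "$dir" -type f -exec chmod 644 {} +
}
```

Run the audit before the fix and keep its output: it tells you which folders a plugin had opened up, so you can decide per path whether to restore the exception or replace the plugin. Note that files the web server must write to (uploads, cache) will only work with 644/755 if the web server runs as the file owner; if it runs as a different user, a group-writable mode on just those folders is the smaller hole compared to 777.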

Actually, changing the permissions of files and folders is simpler than it seems, and the security of your WordPress deserves the small effort, don't you think?

Also, it never hurts to get help from a WordPress security suite.

NOTICE: This post is two years old or more. If it is about code or a plugin, it might not work in the latest versions of WordPress, and if it is a news item it might be obsolete. So don't say we didn't warn you.


This may also help you:

Injection of code in WordPress

Websense Security Labs has warned that more than 30,000 WordPress installations are already infected by a Trojan that adds redirect code to the affected site.

The infected sites had outdated versions of WordPress, weak passwords and vulnerable plugins.

After a chain of three redirects, victims land on a fake antivirus site. The "antivirus scanner" appears to scan the computer and warns the user by displaying false detections of various kinds of Trojans. The page looks like a Windows Explorer window with the title "Windows Security Alert".

The fake scanning process looks like a Windows application but is actually a simple browser pop-up window. The fake antivirus then asks the "visitor" to download and run an antivirus tool that has supposedly found the Trojans. The executable itself is a Trojan; what did you expect?

Most of the infected sites are in the US, and the visitors to the fake page already come from many countries, all of them English-speaking.

WordPress sites hacked through TimThumb used for black hat SEO in Google Images • WordPress Help

According to the Unmask Parasites blog, more than 4,000 hacked WordPress sites are flooding Google Images with images used to promote fake antivirus sites.

What these undesirables do, black hat SEO through the TimThumb exploit I warned about, is the following: they create pages with the URL pattern hxxp://<hacked-site>/?[a-f]{3}=<keywords>, where [a-f]{3} is a combination of three letters from "a" to "f" and the value is a combination of keywords separated by hyphens that usually contain the word "image" or "images" alongside ordinary words, for example:

hxxp://example.com/?fef=images-of-mitzi-mueller-wrestling
hxxp://example.net/?cda=image-tropical-fruits-index

For this purpose they use backdoor pages that they insert into the normal templates of the WordPress sites, where the original content is replaced with about twenty thumbnails and small blocks of text related to the keywords they want to rank for.

The images are not hotlinked from external sites; they link to "full size" images with URLs like these:

At the top of each image there is a stamp with the domain name of the hacked site. This way the undesirables make it look as if the images belong to the site they have hacked, as if they were its own content rather than inserted or stolen images. At the same time, this makes it easier to identify the poisoned images in the search results.

The image files contain the following string inside: CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100. This means they were created with the GD graphics library.

It seems the hackers use a PHP script to take images that already rank well in Google Images search results, resize them to thumbnail size (200 to 300 pixels wide) and to "full size" (a random size, in some cases even larger than the original, to rank better, since larger images are favoured) and finally add the stamp with the hacked domain name.
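The two footprints above, the `?[a-f]{3}=keyword-keyword` query string and the GD JPEG comment, can both be hunted for on a suspect site. The following is an added example, not code from Unmask Parasites or the original post: one POSIX shell helper that pulls matching requests out of a Combined Log Format access log and another that lists JPEGs carrying the GD comment. The function names and the sample log lines are constructed for the example.

```shell
#!/bin/sh
# Hypothetical hunting helpers (not from Unmask Parasites or ayudawp.com)
# for the TimThumb black-hat-SEO campaign described above.
# Usage:
#   seo_hits  /var/log/apache2/access.log   # print the poisoned requests
#   gd_images /var/www/html/wp-content       # list JPEGs with the GD comment

# Print request lines whose query string is exactly three letters a-f
# followed by "=" and hyphen-separated keywords, e.g.
#   "GET /?fef=images-of-mitzi-mueller-wrestling HTTP/1.1"
# grep returns 1 when nothing matches; "|| true" keeps that from aborting
# a script run under "set -e".
seo_hits() {
    grep -E '"(GET|HEAD) /\?[a-f]{3}=[a-z0-9]+(-[a-z0-9]+)* ' "$1" || true
}

# Number of poisoned requests, for a quick triage or a cron alert.
seo_hit_count() {
    seo_hits "$1" | wc -l | tr -d ' '
}

# List JPEG files under a directory that carry the GD creator comment the
# generated thumbnails and "full size" images were seen to contain.
# Legitimate GD-resized uploads will match too, so treat hits as leads,
# not proof: look at the stamp on the image and at the file's mtime.
gd_images() {
    find "$1" -type f \( -name '*.jpg' -o -name '*.jpeg' \) \
        -exec grep -l 'CREATOR: gd-jpeg v1.0' {} + || true
}
```

If `seo_hits` returns anything, the referrer field of those lines (normally images.google.com for this campaign) confirms the Google Images angle, and the requested path tells you which backdoor page to pull from the template and inspect for the timestamp comment described below.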


At the bottom of the HTML source of the backdoor pages you can see comments like these:

They hold the timestamp and the keywords, so you can easily see when the backdoor page was created.


The backdoor pages rank well for some keywords in both Google web search and Google Images (especially when you search for the exact phrase). However, the malicious redirects only happen when you click the search result in Google Images, which proves that the ultimate goal is to flood Google Images with these images: a pure, hard-core black hat SEO campaign.

The redirection has two stages. In the first, the visitor is sent to an intermediate traffic distribution server (TDS), which then redirects to one of the web pages that launch a fake antivirus tool (there are two different variants).

This is a real redirect string: