|Technology - Software|
|Friday, 10 August 2012 02:38|
Over the last two days we have spent some time on file and folder permissions, explaining what they are for and the notation commonly used for them (which, with its bits and octal numbers, can cause the occasional headache). As mentioned at the start of this series, permissions are an access control system that ensures files and folders can be accessed only by the users and groups that have been defined, with rules set for the file's owner, the owning group and all other users of a Unix, Mac OS X or Linux system (the latter two being POSIX-compatible).
Now that we have the concept and the notation in hand, the next step is to use this mechanism properly to improve the security of our system. As a practical application we will focus on WordPress and what could be considered an optimal permission configuration.
With WordPress, poor management of file and folder permissions can cause more than a headache: this kind of error can be exploited by people with bad intentions, for example to insert malicious code into our website (which Google may penalize, blocking access from Chrome).
In the vast majority of Linux hosting services, users have some kind of control panel for managing the site, its files and their permissions (in addition to access via SSH or FTP), so at any time they can make whatever change is needed without much complication. Generally, we recommend the following guidelines:
Apart from temporary exceptions, which should never become permanent, we should not change this scheme to make it looser and more permeable. In rare cases users other than the directory's owner may need to write to it, and we may have to grant more permissions, up to the "number of the beast": 777.
777, the damned permission
What 777 permissions amount to
Generally, if a WordPress plugin requires such permissions, the first thing to ask is whether we are facing a trap, because this requirement is excessive and potentially dangerous. In fact, we may find applications (or custom developments) that say they need this type of permission so that users can upload files to a specific folder on our server. If that is necessary and no alternative exists, it is important to use a .htaccess file that prevents someone from, for example, uploading executable code:
But as far as possible, avoid using 777 permissions.
Improving the security of our hosting
While the general rule is to assign permissions 644 to files and 755 to directories, WordPress recommends reviewing the permissions of some critical files and applying special rules to improve the security of our blog:
Some supporting tools
While we can check our WordPress permissions with the management tools our hosting provider gives us, we can also run these checks from our blog's admin area thanks to some security-focused extensions which, among their features, check directory and file permissions:
Among the many extensions available, WP Security Scan, WebsiteDefender WordPress Security and File Permissions & Size Check are worth checking out. Since hosting providers sometimes carry out interventions that affect permissions, it is worth reviewing our installation's permissions from time to time.
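The same periodic review can be done over SSH. The script below is an added example, not part of the original article or of any of the plugins named above; it assumes GNU find (standard on Linux hosting), and the function names and the sample tree layout are hypothetical. It reports anything looser than the general rule of 644 for files and 755 for directories, and lists world-writable entries (such as 777) separately.

```bash
#!/usr/bin/env bash
# Added example: audit a WordPress tree against the article's general rule
# (files 644, directories 755, nothing like 777). Assumes GNU find.

# audit_perms ROOT -> one finding per line: "<KIND> <octal mode> <path>"
audit_perms() {
    local root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # Writable by "others" (o+w), which is what 777 grants. Symlinks are skipped.
    find "$root" \( -type f -o -type d \) -perm -0002 \
        -printf 'WORLD-WRITABLE %m %p\n'
    # Files with any bit beyond 644 (execute bits, group write).
    # Stricter modes such as 640 or 600 are not reported.
    find "$root" -type f ! -perm -0002 -perm /0133 \
        -printf 'LOOSE-FILE %m %p\n'
    # Directories with any bit beyond 755 (group write).
    find "$root" -type d ! -perm -0002 -perm /0022 \
        -printf 'LOOSE-DIR %m %p\n'
}

# Build a small constructed tree (hypothetical layout, not a real install)
# with three deliberate deviations, and print its path.
make_sample_tree() {
    local t
    t=$(mktemp -d) || return 1
    mkdir -p "$t/wp-content/uploads" "$t/wp-includes"
    touch "$t/index.php" "$t/wp-config.php" "$t/wp-content/plugin.php"
    chmod 755 "$t/wp-content"
    chmod 644 "$t/index.php"
    chmod 640 "$t/wp-config.php"          # stricter than 644: not reported
    chmod 777 "$t/wp-content/uploads"     # world-writable
    chmod 755 "$t/wp-content/plugin.php"  # executable file
    chmod 775 "$t/wp-includes"            # group-writable directory
    echo "$t"
}

# Usage: ./audit.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then
    audit_perms "$1"
fi
```

A WORLD-WRITABLE line on an upload folder is the case discussed under the 777 heading; the other two kinds are deviations from the 644/755 rule that are worth explaining or correcting.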