[wp-trac] [WordPress Trac] #37264: Please do not chmod 666 the wp-config.php file on installation.

WordPress Trac noreply at wordpress.org
Wed Aug 17 08:20:46 UTC 2016


#37264: Please do not chmod 666 the wp-config.php file on installation.
--------------------------+------------------------------
 Reporter:  chriskuehl    |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Security      |     Version:  1.0
 Severity:  normal        |  Resolution:
 Keywords:                |     Focuses:
--------------------------+------------------------------

Comment (by sibprogrammer):

 First of all we're talking about the new installations and about
 '''security'''. It seems more reasonable to make chmod 600 instead of 666.
 If you afraid of breaking of old hosts that will try to install the
 WordPress, the following steps could be made. Check the owner of PHP
 process and compare it with the installation directory owner. If it
 matches, we can do chmod 600 w/o any doubts. If the owners don't match, we
 can show additional checkbox on installation form saying "Allow other
 users (besides <detected-php-process-user>) to write to wp-config.php"
 (unchecked by default).

--
Ticket URL: <https://core.trac.wordpress.org/ticket/37264#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list