[wp-trac] [WordPress Trac] #37264: Please do not chmod 666 the wp-config.php file on installation.
WordPress Trac
noreply at wordpress.org
Wed Aug 17 08:20:46 UTC 2016
#37264: Please do not chmod 666 the wp-config.php file on installation.
--------------------------+------------------------------
Reporter: chriskuehl | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 1.0
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+------------------------------
Comment (by sibprogrammer):
First of all we're talking about the new installations and about
'''security'''. It seems more reasonable to make chmod 600 instead of 666.
If you afraid of breaking of old hosts that will try to install the
WordPress, the following steps could be made. Check the owner of PHP
process and compare it with the installation directory owner. If it
matches, we can do chmod 600 w/o any doubts. If the owners don't match, we
can show additional checkbox on installation form saying "Allow other
users (besides <detected-php-process-user>) to write to wp-config.php"
(unchecked by default).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/37264#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list