Apache, Linux, Wordpress and Permissions - Server stuff!

Hi guys, it's my first post here! And already a question... :slight_smile:

I have a VPS in which my www/wordpress folder is owned byjohn and also is group-owned by apache. apache also is the webserver user. So, in httpd.conf the user and group name are apache, just to be clear.

Which permissions should I set in general to folders and files?

Folders = 755?
Files = 644?

The thing is, in some folders like the wp-content and some others, the permissions need to be 775, in order to let Apache create folders, and I'm afraid that this is a security issue. So my real question is:

Is this really a security issue, in my situation? Take in account that I'm using a VPS (Virtual Private Server) and there is no other user in my server.

  • AltisonaMedia
    • Site Builder, Child of Zeus

    I don't think wp-content needs to be 775. You suggested file and folder setup looks correct to me.

    A VPS is still effectively sharing hardware, memory, cpu, storage etc. it's just sliced up in a different way and gives you control over the server setup.

    I would have thought your biggest threat to security is external and not internal.

  • transparencia
    • Design Lord, Child of Thor

    Cool, thanks!

    Wp-content/upload and wp-content/blogs.dir need to be 775 and sometimes plugins need as well, so I thought, just let the whole parent folder be 775.

    I'm glad my configuration is right!

    External security is another topic to study.

    Thank you very much :slight_smile:

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.