I have just started out with a VPS running centos 6.3 to host my blog and play around. After Installing WordPress 3.5.1, when I tried to install some plugins from the admin console, it complained of the folders in wp-content (upgrades, plugins, themes ..) not being writable. I changed the owner and group of these folders to ‘apache’ which didn’t work and then made the ftp user the owner which worked.
After this, I installed the BackWpup plugin which required the wp-content itself to be writable by ‘apache’ (owning by ftp user account did’t work).
In the end I have folder permissions like below
[krishnaraj@myhost]$ pwd
/var/www/html/krishnaraj.mydomain.com/wp-content
[krishnaraj@myhost]$ ls -lrt
total 28
-rw-r--r-- 1 root root 28 Feb 3 03:08 index.php
drwxr-xr-x 2 apache apache 4096 Feb 3 03:11 cache
drwxr-xr-x 4 apache apache 4096 Feb 3 06:52 uploads
drwxrwxr-x 5 myftpuser myftpuser 4096 Feb 3 07:22 themes
drwxrwxr-x 7 myftpuser myftpuser 4096 Feb 3 09:14 plugins
drwxrwxr-x 2 myftpuser myftpuser 4096 Feb 3 09:14 upgrade
drwxr-xr-x 2 apache apache 4096 Feb 3 09:32 backwpup-98372-logs
[krishnaraj@myhost wp-content]$
[krishnaraj@myhost]$ pwd
/var/www/html/krishnaraj.mydomain.com
[krishnaraj@myhost]$ ls -lrt | grep wp-content
drwxr-xr-x 8 apache apache 4096 Feb 3 09:32 wp-content
[krishnaraj@myhost]$
Are these permissions safe ? or should I be worrying about a security hole ?
As per the following from http://codex.wordpress.org/Hardening_WordPress#File_Permissions
my permissions should be perfectly fine.