A follow-up to a previous question found here: How can I lock down an old WordPress install I don’t intend to update?
Same info still stands. WordPress install will (probably) not be updated. Never-ending caching has been enabled. Database can only be read.
I thought my WordPress installation was pretty well locked down; however, it seems that at some point, something was able to create a file in the theme directory of a funny-looking nature (ending in eval(blah)).
I wouldn’t class myself as a sysadmin type of guy, but I’m thinking that someone would know what directories I should set with particular permissions to harden my security.
Can anyone help on this?
Thanks in advance
The WP-Security plugin is pretty good for this and a few other WordPress security-related things; it is my solution to lock down basics on security for every WordPress install I do.
There are no hard-set rules for permissions because it depends on many factors.
The basic rule is: set the permissions as low as possible for the file/dir to be usable, and you should never have to set anything at 777.
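
The permission rule above and the stray theme file from the question, turned into checks you can run against the install. This is an added example, not part of the original posts. The function names are made up here, `wp-content/themes` is the standard WordPress layout, and the install root is passed as an argument.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for world-writable paths and for
# eval( in the theme directory. Function names are hypothetical.

# Print every file or directory under $1 that is writable by "other"
# (last octal digit includes 2, as in 777 or 666). Symlinks are skipped.
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Print files under $1/wp-content/themes whose name contains "eval(" or,
# for .php files, whose content contains an eval( call.
# Legitimate themes rarely need eval, so every hit deserves a manual look.
find_eval_in_themes() {
    themes="$1/wp-content/themes"
    [ -d "$themes" ] || return 0
    {
        find "$themes" -type f -name '*eval(*' -print
        find "$themes" -type f -name '*.php' \
            -exec grep -l 'eval[[:space:]]*(' {} +
    } | sort -u
}

# Remove only the world-write bit from everything reported above.
# Owner and group bits are left alone so the site stays usable.
strip_world_write() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Run as: sh audit.sh /path/to/wordpress   (the path is your own install root)
if [ -n "${1:-}" ] && [ -d "$1" ]; then
    echo "World-writable paths:"
    find_world_writable "$1"
    echo "Theme files with eval( in name or content:"
    find_eval_in_themes "$1"
fi
```

Review the audit output before calling `strip_world_write`, and check that the web server user does not own the theme directory, since owner write access is not covered by these checks.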