I have moved my WordPress website from shared hosting to a new VPS. After moving, I had issues regarding timthumb and uploading images; these issues were resolved only by chmoding 777 uploads and subdirectories, and cache directory inside the theme dir.
My question is: Isn’t that a security hole? Is it a WordPress problem, or am I missing something here?
Thanks
Yes, 777 is a security hole and the WordPress Codex specifically addresses this and gives suggestions on how to set permissions.
Yes, 777 is very insecure. WordPress does not require 777 for any directory, and no correctly developed plugin should, either. WordPress needs no more than 755 on most directories.
On shared hosting, permission schemes are managed by the host. On a VPS, you will need to do some management of owners and groups and permissions yourself.
See Changing File Permissions « WordPress Codex and Hardening WordPress « WordPress Codex for correct permissions and owner/groups for WordPress.
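One way to audit and repair the situation discussed in this thread, added here as an example and not taken from the posts or the Codex. It assumes the Codex's commonly cited modes (755 for directories, 644 for files); the function names, the path argument and the web-server user argument are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: find and repair over-permissive modes in a WordPress tree.
# Uploads that only work at 777 usually mean the web-server user does not
# own the files, so ownership is reported alongside the mode bits.

# Print every file or directory under $1 that is world-writable (777, 666...).
# Symlinks are skipped because their own mode bits are not meaningful.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Print every entry under $1 NOT owned by user $2 (the account the web
# server or PHP runs as; the name differs per distribution, so pass it in).
list_not_owned_by() {
    find "$1" ! -user "$2" -print
}

# Reset modes: directories 755, regular files 644.
# find does not follow symlinks here, so targets outside the tree are untouched.
fix_modes() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Stand-alone use: script.sh /path/to/wordpress web-user [--fix]
if [ "$#" -ge 2 ]; then
    echo "World-writable entries:"
    list_world_writable "$1"
    echo "Entries not owned by $2:"
    list_not_owned_by "$1" "$2"
    if [ "${3:-}" = "--fix" ]; then
        fix_modes "$1"
        echo "Modes reset to 755/644."
    fi
fi
```

If the ownership report is not empty for `wp-content/uploads` or the theme's cache directory, correcting the owner with `chown` (as root) is what lets uploads work at 755 instead of 777.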