How to: Secure wp-config.php and .htaccess files using chmod?
Another way to secure your wp-config.php and .htaccess files by setting up specific permissions on these files using chmod function. This makes your WordPress blog a lot more secure then ever. Setting the permissions on such files (wp-config.php and .htaccess) is good idea, because these are very sensitive containing your database information (like username, password and database name).
What is chmod function?
It is simple function to let you set permission (for users, groups, and public) on files and folders. You can set the permissions on writing, reading and executing for users, groups and public. Let’s see a complete pack of permissions what this function can provide us. Before we began take a look on to following chart:
Write = w
Read = r
Execute = x
7 4 4 user group world r+w+x r r 4+2+1 4+0+0 4+0+0 = 744
| 0477 | -r–rwxrwx | owner has read only (4), other and group has rwx (7) |
| 0677 | -rw-rwxrwx | owner has rw only(6), other and group has rwx (7) |
| 0444 | -r–r–r– | all have read only (4) |
| 0666 | -rw-rw-rw- | all have rw only (6) |
| 0400 | -r——– | owner has read only(4), group and others have no permission(0) |
| 0600 | -rw——- | owner has rw only, group and others have no permission |
| 0470 | -r–rwx— | owner has read only, group has rwx, others have no permission |
| 0407 | -r—–rwx | owner has read only, other has rwx, group has no permission |
| 0670 | -rw-rwx— | owner has rw only, group has rwx, others have no permission |
| 0607 | -rw—-rwx | owner has rw only, group has no permission and others have rwx |
Hint: Take into account never use 777. Changing File Permissions in WordPress.
Secure wp-config.php and .htaccess Files Using “Chmod”
Setting Permissions for wp-config.php File
1. Login to your cPanel using FileZilla or any other ftp client software.
2. Goto public_html > yourdomain folder.
3. There right click the file wp-config.php > file permissions…
4. For wp-config.php file the chmod should be 400, this mean the only users (admins) can read this file rather than modifying, and executing.
Alright.
Setting Permissions for .htaccess File
1. Do the same as like wp-config.php file.
2. Set the permissions for .htaccess file 644 which is normally recommended for it.
All we’ve done. Have a Good day
very nice article bro
hey Bro 🙂 just one question, What is the diference between protecting your file via chmod and using .htaccess to protect your files… for example, is it better to protect wp-config.php via .htaccess or is it better to simply use chmod to achive the same result. Is it the same result at all or there are diference between this two methods?
Chmod is one of the best way to protect your wp-config.php.
ty, so if I use chmod than .htaccess restrictions are not needed for that file at all??
It’s up to you which one you decide to use in order to protect your precious files.
Nice tutorial, I changed Permissions for .htaccess File to 444 so plugin can’t override