Sunday, September 6, 2009

Wordpress permission tip: b4 uploading to server

Here's a great tip for Wordpress users who have a linux server. To help from becoming hacked, your files and folders need to have certain permissions so that they can't be edited without your knowledge.

In order to set your permissions, some may instinctively choose an FTP client. This is ridiculously harder than it needs to be. I've found the easiest way is to use two shell commands: find and chmod.

I setup my wordpress files by
Installing XAMPP, that way I have a nice environment (localhost) to test, edit, and tweak my webpage. I don't have to worry about somebody messing with my files.

When it was time to migrate my wordpress to my host, I want to change the file and folder permissions to what is
prescribed by Wordpress. There are over 4,000 files in several directories, a daunting task for an FTP program -- but not for the command line!

In the command line:
chmod -R 755 /your/directory/

will change the permission of all files "recursively" (it will drill down into the sub-directories). Depending on if you own the file, you may need to run sudo in front of this command (sudo chmod...)

Every file and folder will have the permission setting of 755. This is only half the trick.

Next we are going to make all the
files 644.

The following will recursively search your directory tree (starting at the current directory) and chmod 644 all files only:

find ./ -type f -exec chmod 644 {} \;

After I've run these commands, I can then upload them to my hosting site with all the correct permissions. Or, if you ssh'd into your server, you're already done. Compare that to an hour or two of mouse clicking or having a hackable webpage. >_<

As I write this, I tried to upgrade my 1and1 hosting plan to "business" so that I could ssh in to my server and tinker using the command line. But alas, they are closed for the holiday.


No comments: