Wordpress from application vault comes with unsecure default permissions

Created:

2016-11-16 13:03:36 UTC

Modified:

2017-04-24 11:58:54 UTC

0

Was this article helpful?


Have more questions?

Submit a request

Wordpress from application vault comes with unsecure default permissions

Applicable to:

  • Plesk 12.5 for Linux
  • Plesk 11.0 for Linux
  • Plesk 11.5 for Linux
  • Plesk 12.0 for Linux

Symptoms

  1. Wordpress installations from Plesk Application Vault come with insecure default permissions - 646 for files and 757 for directories.

  2. Domain is set to handle PHP as Apache module in Home > Subscriptions > example.com > Hosting Settings . For PHP handled as FastCGI application the permissions are 644 for files and 755 for directories.

Cause

When PHP support uses Apache module as handler type all .php script are being executed under Apache user, so permissions 646 for files and 757 for directories are required and set by design.With other permissions Wordpress will work incorrectly.

Resolution

If it is needed to increase security for WordPress, set PHP support as CGI/FastCGI/FPM for domain in Home > Subscriptions > example.com > Hosting Settings .

Have more questions? Submit a request
Please sign in to leave a comment.