Make WordPress Core

Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#9529 closed defect (bug) (invalid)

wp-config.php created with global write privs

Reported by: jonasc Owned by: ryan
Milestone: Priority: normal
Severity: major Version:
Component: Security Keywords:
Focuses: Cc:


wp-config.php is created with global read and write privileges when running through the install process.

  • Using Wordpress 2.7.1 (as downloaded from wordpress.org on Apr. 13)
  • Installing to a Linux server with PHP 5.2.4 installed as an fcgi
  • choosing to have the install process create a wp_config.php file for me (as opposed to uploading a custom one)
ls -lah wp/wp-config.php 
-rw-rw-rw- 1 web web 2.5K Apr 13 12:10 wp/wp-config.php

I'd suggest slightly stricter permissions by default :)

Change History (2)

#1 @Denis-de-Bernardy
7 years ago

  • Resolution set to invalid
  • Status changed from new to closed

If the file is owned by the www user, anything short of those privileges will prevent end users from deleting or overwriting the file.

#2 @Denis-de-Bernardy
7 years ago

  • Milestone Unassigned deleted
Note: See TracTickets for help on using tickets.