Could someone advise if it is okay to chmod 777 web folder ?
i have a wordpress based website, with some plugin & widget installed. Few of them require me to chmod 777 on particular folder, to enable visitors upload image.
I'm worried if this could create security hole in my website. What is the worst havoc that hackers possibly produce on my website ?
Would appreciate your advice.
If you think about permissions, User-Group-World, Read-Write-Execute, is there ever any reason to use 0777? Do you really want everybody to be able to do everything? I stongly believe that permission levels should be set only to the least lenient (i.e. the most restrictive) that they can be while still letting things work. I feel that most (if not all) "need 777" is wrong and only used because someone doesn't understand or want to take the time to figure out what the best permission levels would be. I have yet to find a situation where 0777 was absolutely neccessary.
Worse that could happen? Depending on your "filtering", someone could upload a script and run it. Not something you want. Better to keep the thief outside the door than to let him in and try to make sure he behaves.
0777 is fine if you're using DSO instead of suPHP and need write permissions to the specific folder, I wouldn't bother setting 0777 for the entire site. Or you could make it 0666 instead, still has write permissions but not able to execute.
Nope its not at all recommended to have 777 file permissions ..Use Suphp and modsec that make the default file permission 755 for executing folders and 644 for files.
And also make sure that files with nobody ownership are not allowed.