正确的WordPress文件权限 [英] Correct file permissions for WordPress
问题描述
我在此处进行了查看,但没有找到有关最佳文件权限的所有详细信息.我还通过这里也是但建议使用777的任何人显然都需要在安全性上学习一点.
I've had a look over here but didn't find any details on the best file permissions. I also took a look at some of WordPress's form's questions over here too but anybody that suggests 777 obviously needs a little lesson in security.
简而言之,我的问题是这个.我应该具有以下权限:
In short my question is this. What permissions should I have for the following:
- 存储所有WordPress内容的根文件夹
- wp-admin
- wp-content
- wp-includes
然后是每个文件夹中的所有文件?
and then all the files in each of those folders?
推荐答案
设置WP时,您(网络服务器)可能需要对文件进行写访问.因此,访问权限可能需要宽松.
When you setup WP you (the webserver) may need write access to the files. So the access rights may need to be loose.
chown www-data:www-data -R * # Let Apache be owner
find . -type d -exec chmod 755 {} \; # Change directory permissions rwxr-xr-x
find . -type f -exec chmod 644 {} \; # Change file permissions rw-r--r--
After the setup you should tighten the access rights, according to Hardening WordPress all files except for wp-content should be writable by your user account only. wp-content must be writable by www-data too.
chown <username>:<username> -R * # Let your useraccount be owner
chown www-data:www-data wp-content # Let apache be owner of wp-content
也许以后您想更改wp-content中的内容.在这种情况下,您可以
Maybe you want to change the contents in wp-content later on. In this case you could
- 使用
su暂时将用户更改为 www-data , - 赋予wp-content组写访问权限775,并加入组 www-data 或
- 使用 ACL 为您的用户授予对该文件夹的访问权限.
- temporarily change to the user to www-data with
su, - give wp-content group write access 775 and join the group www-data or
- give your user the access rights to the folder using ACLs.
无论您做什么,都要确保文件具有 www-data 的rw权限.
Whatever you do, make sure the files have rw permissions for www-data.
这篇关于正确的WordPress文件权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
