正确的 WordPress 文件权限 [英] Correct file permissions for WordPress
问题描述
我查看了这里但没有找到有关最佳文件权限的任何详细信息.我还在这里也看了一些WordPress表单的问题 但任何建议使用 777 的人显然都需要学习一点安全知识.
I've had a look over here but didn't find any details on the best file permissions. I also took a look at some of WordPress's form's questions over here too but anybody that suggests 777 obviously needs a little lesson in security.
简而言之,我的问题是这个.我应该拥有以下哪些权限:
In short my question is this. What permissions should I have for the following:
- 存储所有 WordPress 内容的根文件夹
- wp-admin
- wp-content
- wp 包含
然后是每个文件夹中的所有文件?
and then all the files in each of those folders?
推荐答案
当您设置 WP 时,您(网络服务器)可能需要对文件进行写访问.所以访问权限可能需要放宽.
When you setup WP you (the webserver) may need write access to the files. So the access rights may need to be loose.
chown www-data:www-data -R * # Let Apache be owner
find . -type d -exec chmod 755 {} ; # Change directory permissions rwxr-xr-x
find . -type f -exec chmod 644 {} ; # Change file permissions rw-r--r--
根据强化 WordPress 除了 wp-content 之外的所有文件都应该只能由您的用户帐户写入.wp-content 也必须可由 www-data 写入.
After the setup you should tighten the access rights, according to Hardening WordPress all files except for wp-content should be writable by your user account only. wp-content must be writable by www-data too.
chown <username>:<username> -R * # Let your useraccount be owner
chown www-data:www-data wp-content # Let apache be owner of wp-content
也许您想稍后更改 wp-content 中的内容.在这种情况下,您可以
Maybe you want to change the contents in wp-content later on. In this case you could
- 使用
su临时将用户更改为 www-data, - 授予 wp-content 组写入权限 775 并加入组 www-data 或
- 使用ACL授予您的用户对该文件夹的访问权限.
- temporarily change to the user to www-data with
su, - give wp-content group write access 775 and join the group www-data or
- give your user the access rights to the folder using ACLs.
无论您做什么,请确保文件具有 www-data 的 rw 权限.
Whatever you do, make sure the files have rw permissions for www-data.
这篇关于正确的 WordPress 文件权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
