Protecting WordPress properly

Problems with the Windows version of XAMPP, questions, comments, and anything related.

Protecting WordPress properly

Postby dgewirtz » 22. November 2009 01:09

I'm sure this is about as obvious as it could be, but I want to make sure I'm properly protecting a WordPress installation. Most WordPress instructions have details about setting chmod settings, ala Linux or Unix. Obviously, Windows doesn't play that way. But if I'm running WordPress under XAMPP, should I do any special filesystem protection settings, or will everything be ok just as-is (remembering that WordPress does some of its own .htaccess stuff)?

Thanks.

One way I thought of doing it was installing cygwin, then using chmod 777 within cygwin on the appropriate WordPress files, but that just seemed like wacky overkill.
dgewirtz
 
Posts: 9
Joined: 08. November 2009 03:33

Re: Protecting WordPress properly?

Postby dgewirtz » 01. December 2009 01:43

Bump.. any thoughts?
dgewirtz
 
Posts: 9
Joined: 08. November 2009 03:33

Re: Protecting WordPress properly

Postby Izzy » 01. December 2009 02:13

chmod 777 is very unrestrictive.

In XAMPP your WP should be able to do what ever a 777 can do.

So no need to do much at all really, as you say, WP uses it's own .htaccess files if needed and .htaccess and .htpasswd in combo can be very restrictive if required.
Izzy
 
Posts: 3344
Joined: 25. April 2006 17:06

Re: Protecting WordPress properly

Postby dgewirtz » 01. December 2009 02:24

Well, the install instructions says to set certain things to 655, etc and so I assumed .htaccess wasn't do all that was needed.
dgewirtz
 
Posts: 9
Joined: 08. November 2009 03:33

Re: Protecting WordPress properly

Postby Izzy » 01. December 2009 02:36

Well, as you pointed out there is no chmod in Windows.

If you want to secure your WP then the best place to find out such information is by addressing your issues to the WP forums as you have more of a chance that someone there can answer your concerns.

Xampp, by default, is for development in a localhost environment not as a production server, without first knowing how to harden your Apache for Windows server.
(readme_en.txt file heading - A matter of security (A MUST READ!))

A web search for "harden apache windows server" or similar keywords may also find you some useful advice.
Izzy
 
Posts: 3344
Joined: 25. April 2006 17:06


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 75 guests