Apache Friends Support Forum

[dgewirtz]

I'm sure this is about as obvious as it could be, but I want to make sure I'm properly protecting a WordPress installation. Most WordPress instructions have details about setting chmod settings, ala Linux or Unix. Obviously, Windows doesn't play that way. But if I'm running WordPress under XAMPP, should I do any special filesystem protection settings, or will everything be ok just as-is (remembering that WordPress does some of its own .htaccess stuff)?

Thanks.

One way I thought of doing it was installing cygwin, then using chmod 777 within cygwin on the appropriate WordPress files, but that just seemed like wacky overkill.

[dgewirtz]

Bump.. any thoughts?

[Izzy]

chmod 777 is very unrestrictive.

In XAMPP your WP should be able to do what ever a 777 can do.

So no need to do much at all really, as you say, WP uses it's own .htaccess files if needed and .htaccess and .htpasswd in combo can be very restrictive if required.

[dgewirtz]

Well, the install instructions says to set certain things to 655, etc and so I assumed .htaccess wasn't do all that was needed.

[Izzy]

Well, as you pointed out there is no chmod in Windows.

If you want to secure your WP then the best place to find out such information is by addressing your issues to the WP forums as you have more of a chance that someone there can answer your concerns.

Xampp, by default, is for development in a localhost environment not as a production server, without first knowing how to harden your Apache for Windows server.
(readme_en.txt file heading - A matter of security (A MUST READ!))

A web search for "harden apache windows server" or similar keywords may also find you some useful advice.