How to Change Permission of wp-config.php and Other Files/Directory Massively

Few days ago, I got troubled by some unethical hackers. They’re changing my directories and files permission to 777 which has ability to World-read-write-execute. That kind of permission is very dangerous. I don’t know how did they get into my cPanel File Manager. I thought it was WordPress, WordPress plugins, or WordPress theme failure, so they could inject malicious script into my public_html directory easily and freely.

I’ve ask HostGator using live chat support but one of them has said that I can’t change the permission of files or directories massively even using SSH. That’s totally wrong because few hours later after that, I found the way. Basically, you have to know how to connect to your hosting using SSH. I’ve created a tutorial how to connect HostGator using SSH.

It’s easy to change permission of your files or directories massively by using unix command in Shell. FIRST! You must set your working path to /public_html directory by typing cd /public_html and then you can execute this command to change wp-config.php files.

find . -name "wp-config.php" -type f -exec chmod 444 {} \;

The command above will make all your wp-config.php permission to 444. So, if you want to change the permission to different number please change 444 to desired one.

The command to change directory permission is little bit different. Like this.

find . -name "wp-includes" -type d -exec chmod 555 {} \;

That will make all your wp-includes directory permission to 555. As far as I know the best permission for directory is 555.

Oh yeah do not forget to type the last two \; those are very important unless you’ll get find: missing argument to `-exec` error.

This is one thing I’ve got to secure WordPress installation. I hope you get all my explanation and implement it to your WordPress installation too. Don’t wait until it’s too late dude!

Leave a Reply