In short:
YES, it is a big-time threat.
Explained:
Little time has passed since I asked this question, but I have now found that the safer and most useful file permissions for WordPress are the following:
Directories: 755. Owner can read, write and execute. Group and public can read and execute.
Read-only files: 644. Owner can read and write. Group and public can read only.
Examples of read-only files:
- *.css
- *.htm
- *.html
- *.jpeg
- *.jpg
- *.gif
- *.png
- *.js
- *.mpeg
- *.mpg
- *.mp3
- *.avi
- *.txt
- *.doc
Executable files: 700. Owner can read, write and execute.
Examples of executable files:
- *.php
- *.cgi
- *.pl
- *.py
- *.rb
TO IMPLEMENT THE CHANGES (in terminal):
Determine where you are; this will tell you:
```sh
pwd
```
Once you get to the desired folder (where the wp-config.php lies), in order to change the directory permissions you could try:
```sh
sudo find . -type d -exec chmod 755 {} \;
```
Where: -type d stands for instances listed as directories found by the find command.
Then:
```sh
sudo find . -type f \( -iname '*.css' -or -iname '*.htm*' -or -iname '*.jpeg' \
    -or -iname '*.jpg' -or -iname '*.gif' -or -iname '*.png' -or -iname '*.js' \
    -or -iname '*.mpeg' -or -iname '*.mpg' -or -iname '*.mp3' -or -iname '*.avi' \
    -or -iname '*.txt' -or -iname '*.doc' -or -iname '*.pdf' \) -exec chmod 644 {} \;
```
Where: -type f stands for instances listed as files with the given file extensions found by the find command.
And finally:
```sh
find . -type f \( -iname '*.php*' -or -iname '*.cgi' -or -iname '*.pl' \
    -or -iname '*.py' -or -iname '*.rb' \) -exec chmod 700 {} \;
```
Where: (again) -type f stands for instances listed as files with the given file extensions found by the find command.
Happy server management.
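
A read-only check of the scheme above, as an added example that is not part of the original answer: it lists every path whose mode differs from 755 / 644 / 700 and every file the three commands would skip. The names `audit_perms`, `SCRIPTS` and `STATICS` are made up for this illustration.

```sh
#!/bin/sh
# Added example (not from the original answer): read-only audit of the
# 755 / 644 / 700 scheme. It lists deviations and never calls chmod.

# Name tests copied from the answer's find commands. They are expanded
# unquoted with globbing off (set -f) so each word becomes one find argument.
SCRIPTS='-iname *.php* -o -iname *.cgi -o -iname *.pl -o -iname *.py -o -iname *.rb'
STATICS='-iname *.css -o -iname *.htm* -o -iname *.jpeg -o -iname *.jpg
         -o -iname *.gif -o -iname *.png -o -iname *.js -o -iname *.mpeg
         -o -iname *.mpg -o -iname *.mp3 -o -iname *.avi -o -iname *.txt
         -o -iname *.doc -o -iname *.pdf'

# audit_perms ROOT: prints "<expected-mode> <path>" for every path whose mode
# differs from the scheme, and "??? <path>" for files that match neither
# extension list (the answer's commands leave those untouched).
audit_perms() {
    root=${1:-.}
    set -f
    {
        find "$root" -type d ! -perm 755 -print | sed 's/^/755 /'
        # The chmod 700 command runs last in the answer, so a name matching
        # both lists (e.g. x.php.jpg) ends up 700: scripts take precedence.
        find "$root" -type f \( $SCRIPTS \) ! -perm 700 -print | sed 's/^/700 /'
        find "$root" -type f ! \( $SCRIPTS \) \( $STATICS \) ! -perm 644 -print |
            sed 's/^/644 /'
        find "$root" -type f ! \( $SCRIPTS \) ! \( $STATICS \) -print |
            sed 's/^/??? /'
    } | sort
    set +f
}

# Usage: sh audit.sh /path/to/wordpress   (the folder holding wp-config.php)
if [ "$#" -gt 0 ]; then
    audit_perms "$1"
fi
```

Run it before and after the chmod commands; an empty result apart from `???` lines means the tree matches the scheme.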