Automatic WordPress Plugin installations
WordPress has a great little option in the admin area that lets you install plugins. For those who don't know what a plugin is, it's an expansion for WordPress that allows you to do all kinds of cool stuff. Some plugins are paid, but most are free and widely available on the net and at WordPress's website (http://www.wordpress.org). Currently the WordPress library has over 5,000 plugins that can do anything from controlling content and members to adding calendars, layouts and even displaying the weather, if you're into that sort of thing. Using the installer option, however, has some security issues that need to be addressed first. Personally I install plugins manually via FTP, but that's not the point of this post.
For starters, to install a new plugin WordPress requires the permissions on the content uploads folder to be set to 777, which is essentially global read, write and execute. Is this bad? Uh yeah, it can be: hackers seek this folder out so they can upload their nasty little files and have their way with your server. Not to worry, though. You can still use the automated installer for plugins if you want, just make sure you follow these steps…
By default the upload folder is /public_html/username/wp-content/upgrade/. To upload to this folder, WordPress needs the folder permissions to be set to 777, which can make it easy for files to get uploaded. So you will want to change the permissions on this folder to 777 only while you are doing installs, and change them right back to 755 when you are done. This will prevent anything from being uploaded.
The most common files hackers like to upload are phishing files, which are HTML files that look like another website with a login form. Phishing is attempted for eBay, PayPal and banks. Phishers will send an email saying you need to log in, and rather than going to the proper website, the recipient goes to the phishing location on your server, which in turn mails the phisher the login information when accessed. There are other files that hackers may try to upload, but phishing is the most common.
Using cPanel, assuming you are on cPanel, log in and go to the File Manager. From here you can navigate to the uploads folder and change the permissions to 777. Once you have completed the installs you want from your WordPress admin, you can change the permissions back to 755.
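
If you have shell access rather than the cPanel File Manager, the added example below (not part of the original post) lists any directories under wp-content that were left world-writable after an install and can reset them to 755. The script name and the path you pass to it are assumptions; use the location of your own install.

```shell
#!/bin/sh
# Added example: audit a wp-content tree for directories left at 777
# (or any other world-writable mode) after a plugin install.
# Assumed usage: sh wp-perm-audit.sh /path/to/wp-content [--fix]

# Print every directory under $1 whose "other" write bit is set.
# -perm -0002 matches 777, 757, 773 and so on, not only exactly 777.
list_world_writable() {
    find "$1" -type d -perm -0002 -print
}

# Reset each world-writable directory under $1 to 755
# (owner rwx, group and other r-x) and print how many were changed.
lock_down() {
    find "$1" -type d -perm -0002 -exec chmod 755 {} \; -print \
        | wc -l | tr -d ' '
}

# Only act when a path is given on the command line.
if [ -n "${1:-}" ]; then
    if [ "${2:-}" = "--fix" ]; then
        echo "reset $(lock_down "$1") directories to 755"
    else
        list_world_writable "$1"
    fi
fi
```

Run it without --fix first to see what was left open, then with --fix once your installs are finished.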




