Chown This! Linux File Permissions for WordPress Site Owners
File permissions and ownership are an important part of WordPress security, and every good article about hardening your WordPress security contains a discussion about file permissions. But what does this mean exactly? Today, we're going to show you how important file and directory permissions are to your WordPress site by demonstrating how hackers could discover and exploit improperly set permissions. We'll also talk about Linux file and directory ownership and how it works, and a number of quick and easy ways for you to ensure your WordPress site's file systems are safe and secure.
---------------------------------------------------------
Wordfence is offering free site security audits and site cleanings for K-12 schools worldwide.
https://www.wordfence.com/blog/2021/01/announcing-free-site-cleaning-site-security-audits-for-k-12-public-schools/
---------------------------------------------------------
Have you tried Wordfence Central yet?
https://www.wordfence.com/try-central/
---------------------------------------------------------
Check out Fast or Slow, the only free website speed profiler that tests your site from 18 locations worldwide.
https://www.fastorslow.com
---------------------------------------------------------
Sign up for the Wordfence WordPress Security mailing list. Be the first to know when there is a vulnerability in a plugin or theme you might be using.
https://www.wordfence.com/subscribe-to-the-wordfence-email-list/
---------------------------------------------------------
The Wordfence Learning Center has all you need to brush up on WordPress security and more:
https://www.wordfence.com/learn/
---------------------------------------------------------
Wordfence is the most popular choice of WordPress professionals for WordPress security. We have a number of security tutorials on our YouTube channel, including Wordfence tutorials. Wordfence security plugin is the number one choice in WordPress security plugins.
---------------------------------------------------------
Listen to the Think Like a Hacker Podcast
https://www.wordfence.com/podcast/
---------------------------------------------------------
#wordfence #wordpress #security
---------------------------------------------------------
00:00 Introduction
4:20 Linux File Permissions - WordPress File Structure
4:43 WordPress File Structure Explained (banner)
6:19 Users on a Linux File Systems vs WordPress Users
8:30 Create a New User Underneath Root
9:05 Is there a Group for Service Updates?
10:09 Question: Are we Always Talking about Linux?
11:13 Windows Uses Different Permissions
11:55 Linux File Permissions: Overview
13:27 Read, Write, and Execute
14:15 Executing a Bash File
15:25 Each Permission Gets a Number: Explained
18:15 Question: Is it Safe to Set Permissions so Auto Updates Work?
19:19 Overview of Linux Users & File Permissions
19:50 If You Don’t Own the Server, Assume that the Site Can be Compromised
21:01 Is a VPS More Secure than Shared Hosting?
21:45 What does CHMOD mean?
22:45 Question: Is there a need to address SELinux Permissions and/or Labeling?
23:40 Why Not Use Chmod 777?
26:00 What’s Up Next: Demos, Swag Winners, Horror Stories!
27:00 Question: How is your File Secure if Webserver’s Process User has to Have Write Permission to the Files for Automatic Update to Happen?
28:50 Whiteboard: Changing Permissions
29:30 Question: Instead of 644, Why Not Use 640 or 750?
30:25 Question: Is “Owner” is your server account?
30:55 Whiteboard: Changing Permissions for Folders
31:22 Demo: Changing Permissions using Filezilla
34:35 WP Config File with a .BAK - Why is that Dangerous?
37:20 Demo Part 2: Changing Permissions using Filezilla
38:30 Demo Part 3: Changing Permissions using Filezilla
40:43 WP Config File: What Permissions are we going to See on the WP Config File and Should Those Ideally be Changed?
43:40 What’s Up Next: Showcasing How to do this with File Manager and command line
44:25 Swag Winners!
45:30 Demo: Changing File Permissions Using File Manager
46:30 Demo: Changing File Permissions Using Command Line
47:00 Question: If another user on a shared hosting account with malicious intent has access to your file system, can that person can change the chmod settings?
48:09 Question: Any recommendations for not putting db userid/password in the wp-config file?
51:14 Question: Can Wordfence prevent WordPress files tampering when webserver’s process has write permission to wordpress’ files?
52:10: Clarifying: Folder is: 7-5-5; Files is:6-4-4
53:00 Demo Pt 2: Changing File Permissions Using Command Line
57:15 Using Windows for Command Line Option
57:42 What’s Up Next: Some Videos
58:00 We are Hiring!
58:15 Video: Chloe Chamberland's Journey at Defiant
1:02:09 Video: Billie Piper’s Experience with Wordfence
Видео Chown This! Linux File Permissions for WordPress Site Owners канала Wordfence
---------------------------------------------------------
Wordfence is offering free site security audits and site cleanings for K-12 schools worldwide.
https://www.wordfence.com/blog/2021/01/announcing-free-site-cleaning-site-security-audits-for-k-12-public-schools/
---------------------------------------------------------
Have you tried Wordfence Central yet?
https://www.wordfence.com/try-central/
---------------------------------------------------------
Check out Fast or Slow, the only free website speed profiler that tests your site from 18 locations worldwide.
https://www.fastorslow.com
---------------------------------------------------------
Sign up for the Wordfence WordPress Security mailing list. Be the first to know when there is a vulnerability in a plugin or theme you might be using.
https://www.wordfence.com/subscribe-to-the-wordfence-email-list/
---------------------------------------------------------
The Wordfence Learning Center has all you need to brush up on WordPress security and more:
https://www.wordfence.com/learn/
---------------------------------------------------------
Wordfence is the most popular choice of WordPress professionals for WordPress security. We have a number of security tutorials on our YouTube channel, including Wordfence tutorials. Wordfence security plugin is the number one choice in WordPress security plugins.
---------------------------------------------------------
Listen to the Think Like a Hacker Podcast
https://www.wordfence.com/podcast/
---------------------------------------------------------
#wordfence #wordpress #security
---------------------------------------------------------
00:00 Introduction
4:20 Linux File Permissions - WordPress File Structure
4:43 WordPress File Structure Explained (banner)
6:19 Users on a Linux File Systems vs WordPress Users
8:30 Create a New User Underneath Root
9:05 Is there a Group for Service Updates?
10:09 Question: Are we Always Talking about Linux?
11:13 Windows Uses Different Permissions
11:55 Linux File Permissions: Overview
13:27 Read, Write, and Execute
14:15 Executing a Bash File
15:25 Each Permission Gets a Number: Explained
18:15 Question: Is it Safe to Set Permissions so Auto Updates Work?
19:19 Overview of Linux Users & File Permissions
19:50 If You Don’t Own the Server, Assume that the Site Can be Compromised
21:01 Is a VPS More Secure than Shared Hosting?
21:45 What does CHMOD mean?
22:45 Question: Is there a need to address SELinux Permissions and/or Labeling?
23:40 Why Not Use Chmod 777?
26:00 What’s Up Next: Demos, Swag Winners, Horror Stories!
27:00 Question: How is your File Secure if Webserver’s Process User has to Have Write Permission to the Files for Automatic Update to Happen?
28:50 Whiteboard: Changing Permissions
29:30 Question: Instead of 644, Why Not Use 640 or 750?
30:25 Question: Is “Owner” is your server account?
30:55 Whiteboard: Changing Permissions for Folders
31:22 Demo: Changing Permissions using Filezilla
34:35 WP Config File with a .BAK - Why is that Dangerous?
37:20 Demo Part 2: Changing Permissions using Filezilla
38:30 Demo Part 3: Changing Permissions using Filezilla
40:43 WP Config File: What Permissions are we going to See on the WP Config File and Should Those Ideally be Changed?
43:40 What’s Up Next: Showcasing How to do this with File Manager and command line
44:25 Swag Winners!
45:30 Demo: Changing File Permissions Using File Manager
46:30 Demo: Changing File Permissions Using Command Line
47:00 Question: If another user on a shared hosting account with malicious intent has access to your file system, can that person can change the chmod settings?
48:09 Question: Any recommendations for not putting db userid/password in the wp-config file?
51:14 Question: Can Wordfence prevent WordPress files tampering when webserver’s process has write permission to wordpress’ files?
52:10: Clarifying: Folder is: 7-5-5; Files is:6-4-4
53:00 Demo Pt 2: Changing File Permissions Using Command Line
57:15 Using Windows for Command Line Option
57:42 What’s Up Next: Some Videos
58:00 We are Hiring!
58:15 Video: Chloe Chamberland's Journey at Defiant
1:02:09 Video: Billie Piper’s Experience with Wordfence
Видео Chown This! Linux File Permissions for WordPress Site Owners канала Wordfence
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
![WordPress Users, Permissions and Capabilities: Managing Access as Your WP Site Grows](https://i.ytimg.com/vi/ThzZdzkoP1w/default.jpg)
![Encryption: What WordPress Users Need to Know About Keeping Data Safe](https://i.ytimg.com/vi/nZxCxWqtLew/default.jpg)
![Wordfence Office Hours: Live Hacking WordPress Vulnerabilities with Chloe Chamberland - June 2, 2020](https://i.ytimg.com/vi/OTRBLndeWXs/default.jpg)
![Inherited an Explosive Mess? Lets talk WordPress Site Rehab!](https://i.ytimg.com/vi/fvKJ9BAPmGg/default.jpg)
![Photoshop for Beginners | FREE COURSE](https://i.ytimg.com/vi/IyR_uYsRdPs/default.jpg)
![Software on Cassette in USA and Canada - Apple, TRS-80, Atari, PET to Commodore 64](https://i.ytimg.com/vi/-nHrjqmt_wQ/default.jpg)
![Quantum Computing for Computer Scientists](https://i.ytimg.com/vi/F_Riqjdh2oM/default.jpg)
![Preventing Carding Attacks: Thwarting Credit Card Fraud on WooCommerce](https://i.ytimg.com/vi/dXEjgyqWKPs/default.jpg)
![The mind behind Linux | Linus Torvalds](https://i.ytimg.com/vi/o8NPllzkFhE/default.jpg)
![Wordfence Office Hours: Tuning Wordfence Security Alerts & Notifications - May 19, 2020](https://i.ytimg.com/vi/rb6QqvfGraM/default.jpg)
![Cross Site Scripting: How the Most Common WP Vulnerability Gets Hacked](https://i.ytimg.com/vi/5BCeXubHegw/default.jpg)
![WordPress 5.7 Major Release Today: Watch Before Updating](https://i.ytimg.com/vi/8o25tbcyd_M/default.jpg)
![Adobe Illustrator for Beginners | FREE COURSE](https://i.ytimg.com/vi/Ib8UBwu3yGA/default.jpg)
![10 Things You Absolutely Must Do to Secure a Fresh WordPress Installation](https://i.ytimg.com/vi/BFIum4Jorho/default.jpg)
![Dying in a Fire of Updates? WordPress 5.6 and PHP 8 Are Here.](https://i.ytimg.com/vi/MgDbnvuJmPc/default.jpg)
![Users, Groups and Permissions in Linux](https://i.ytimg.com/vi/zRw0SKaXSfI/default.jpg)
![Linux File Types and File Permissions](https://i.ytimg.com/vi/SdgiYoOi0CY/default.jpg)
![Swift Programming Tutorial for Beginners (Full Tutorial)](https://i.ytimg.com/vi/Ulp1Kimblg0/default.jpg)
![How to Clean Up After The Plus Addons for Elementor Hack](https://i.ytimg.com/vi/LYfg7iLbSlE/default.jpg)
![Beginner's Guide to the Bash Terminal](https://i.ytimg.com/vi/oxuRxtrO2Ag/default.jpg)