Securing a site

rayh2

I have my new CMS site up and now want to make sure that it is relatively secure. Is there a re "rule of thumb" for how to set directories and files?

Right now I have alot of files that are set to 755/777 and I know they have to be changed but I'm not sure which ones and still allow the site to operate.

I know that every site is different but I'm just looking for some general guidelines.

Thanks !

planetsim

Well permissions of 777 usually mean all users that can see the directory (not online but rather on the server) can write, read and execute in that directory. This could be a risk if the Administrator of the server (if on shared hosting) doesnt setup the directory security correctly a user on the same server could potentially view that directory and write to it. 755 usually means that the script can be executed and read by all but only the original owner can write to it. Its preferred unless you need to have the ability to execute the script you should set it to 644. Directories are slightly different, depending again on how the Administrator has setup the server you will need all directories to be 755.

rayh2

Thank you