<b>File Permission Audit SOP</b>
Wrong permissions are the quietest backdoor. Audit, don't assume.
— Step 1: Directories to 755, files to 644: <code>find . -type d -exec chmod 755 {} \;</code> then <code>find . -type f -exec chmod 644 {} \;</code>.
— Step 2: Lock <code>wp-config.php</code> to 640 (or 600 if PHP runs as the owner).
— Step 3: Verify no 777 anywhere: <code>find . -perm 0777</code> must return empty.
— Step 4: Confirm <code>wp-content/uploads</code> has no <code>.php</code> files; finding one means an upload bypass.
— Step 5: Check ownership: web user owns files, never root. <code>find . ! -user www-data</code> should be empty.
Run this monthly and after every server migration.
Run this every time.
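The five steps as one read-only check, added here as an example and not part of the original post. The function names are made up for illustration, the web user defaults to the post's www-data, and skipping symlinks in the 777 check is an addition, since find reports symlinks as mode 777 on Linux.

```shell
#!/bin/sh
# Read-only audit for the five steps above: reports violations, changes nothing.
# Usage: sh audit.sh /path/to/wordpress [web-user]
# Exit status is the number of failed checks (0 = clean).

# Step 1: directories must be 755, files 644 (wp-config.php is step 2).
bad_dirs()  { find "$1" -type d ! -perm 755; }
bad_files() { find "$1" -type f ! -name wp-config.php ! -perm 644; }

# Step 2: wp-config.php must be 640 or 600.
bad_config() {
  if [ -f "$1/wp-config.php" ]; then
    find "$1/wp-config.php" ! -perm 640 ! -perm 600
  fi
}

# Step 3: nothing may be exactly 777 (symlinks skipped, see lead-in).
world_777() { find "$1" ! -type l -perm 0777; }

# Step 4: no PHP files under uploads, matched case-insensitively.
upload_php() {
  if [ -d "$1/wp-content/uploads" ]; then
    find "$1/wp-content/uploads" -type f -iname '*.php'
  fi
}

# Step 5: everything must belong to the web user (name or numeric uid).
not_owned() { find "$1" ! -user "$2"; }

audit_wp() {
  root=$1; user=${2:-www-data}; fails=0
  for check in bad_dirs bad_files bad_config world_777 upload_php not_owned; do
    hits=$("$check" "$root" "$user")
    if [ -n "$hits" ]; then
      fails=$((fails + 1))
      printf 'FAIL %s:\n%s\n' "$check" "$hits"
    else
      printf 'ok   %s\n' "$check"
    fi
  done
  return "$fails"
}

if [ "$#" -gt 0 ]; then audit_wp "$@"; fi
```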
Lockdown Ledger
@LockdownLedger
This post was published in the Lockdown Ledger Telegram channel. Subscribe via: @LockdownLedger.