WP 2.5?

ronnie · 2008-04-07, 10:29 PM

Am I missing something here, I just realized, seemed the whole deal with setting the htaccess file to 777 was so Wordpress could write the new htaccess file for you? It's always been like that.

Then again, when you set up permalinks, WP gives you the htaccess code, you just copy and paste it into your htaccess file and upload it.

Not much need to have a security hole so that WP can write the file instead of just doing it yourself.

Just like when I see people changing the file permissions on their theme files, so they can edit them in WP, when it's just as easy to do it with a web page editor.

Perfect example, some one hacked one of my blogs this am (partly my fault, left less then secure WP pass as it was), if all my files where editable (777), they could have done much more. They could have done little things that I might not even notice.

This was no 2.5 bug or error.

Or I missed something?

Maj. Stress · 2008-04-07, 11:26 PM

My copy of 2.5 did not give me any code to put in htaccess (and did not come with a htaccess file). I remember 1.5 did.

walrus · 2008-04-08, 02:12 AM

Quote:

Originally Posted by Maj. Stress

My copy of 2.5 did not give me any code to put in htaccess (and did not come with a htaccess file). I remember 1.5 did.

WP hasn't come with a htaccess file for awhile now. I can't remember a 2.x file that did.

I haven't upgraded to 2.5 yet but to my knowledge all WP versions will give you the htaccess code in permalinks when you try to set it if it can not write to the file.

I agree with ronnie why set anything writable if you don't absolutely have to

Maj. Stress · 2008-04-08, 02:51 AM

Quote:

Originally Posted by walrus

WP hasn't come with a htaccess file for awhile now. I can't remember a 2.x file that did.

I haven't upgraded to 2.5 yet but to my knowledge all WP versions will give you the htaccess code in permalinks when you try to set it if it can not write to the file.

I agree with ronnie why set anything writable if you don't absolutely have to

The copy of 2.5 that I installed gave me a warning without any code to put in htaccess. It said something about making my htaccess writeable.

I haven't installed wordpress in almost 2 years so this was all new to me.

2008-04-07, 10:29 PM	#1
ronnie Wheither you think you can or you think you can't, Your right. Join Date: Jun 2004 Location: midwest Posts: 2,274	Am I missing something here, I just realized, seemed the whole deal with setting the htaccess file to 777 was so Wordpress could write the new htaccess file for you? It's always been like that. Then again, when you set up permalinks, WP gives you the htaccess code, you just copy and paste it into your htaccess file and upload it. Not much need to have a security hole so that WP can write the file instead of just doing it yourself. Just like when I see people changing the file permissions on their theme files, so they can edit them in WP, when it's just as easy to do it with a web page editor. Perfect example, some one hacked one of my blogs this am (partly my fault, left less then secure WP pass as it was), if all my files where editable (777), they could have done much more. They could have done little things that I might not even notice. This was no 2.5 bug or error. Or I missed something?

2008-04-07, 11:26 PM	#2
Maj. Stress Progress rarely comes in buckets, it normally comes in teaspoons Join Date: Jun 2005 Location: Dark Side Of Naboo Posts: 1,289	My copy of 2.5 did not give me any code to put in htaccess (and did not come with a htaccess file). I remember 1.5 did.