Viewing 7 posts - 1 through 7 (of 7 total)
  • #894183

    I would appreciate a response to this specific issue. I have searched the forums and your solution is to tell users to change the permissions from 777 to 755, however, you never address why you have it set to 777 or when it will be fixed. Having an end user change the permissions is not solving the problem and I would like to be advised when you will be addressing this issue directly.

    We use and really like your Enfold theme – it is the best WordPress theme I have ever used. However, the dynamic_avia permissions of 777 are extremely problematic and a real cause for concern about the seriousness that your company has in regard to security. Any web host that takes security seriously will disable that immediately. There is NO reason for any WordPress directory to have 777 permissions. 775 is like leaving your car in the city unlocked – 777 is analogous to leaving it unlocked with the keys in it – leaving your website wide open to malicious attack.

    To leave these directories at 777 and have subsequent updates overwrite the 755 to 777 is an egregious security issue. Please advise when this will be fixed. I am extremely puzzled and troubled by why this has yet to be addressed by your company.

    I would appreciate your attention to this very important issue.

    #894362

    I note that you have addressed so many questions after this was posted but have not addressed this very important security question – please advise.

    #894466

    Hi AlpineWeb,

    I forwarded your thread to Kriesi, he will look into it. Thank you for bringing it up again.

    Best regards,
    Victoria

    • This reply was modified 6 years, 8 months ago by Victoria.
    #894954

    We are anxious to hear of this resolution. As are several other users. Thank you Kriesi for your attention to this – it is very important in this day of non-stop security breach attempts and this vulnerability is now known on the internet.
    CJ

    #895835

    Hi,

    We have reported it and if there is a case scenario where it should be fixed, it will.
    You are right it is a small issue (not a huge one, as it requires different methods to be applied).
    However, sometimes on some shared webhosting servers you need to have a folder that has risky 777 permissions (or, if possible, 775 which is a little bit better).
    As an example you can consider a folder where website users can upload their photos or images.

    So, the actual reason is that we try to keep compatibility with ALL servers, even those who do not have advanced Apache Configuration (and believe us, they are a lot).

    Best regards,
    Basilis

    #895852

    I actually think it is a significant issue – as I can find NO example of where it is appropriate to have a directory in WordPress 777 – however it is a very significant security breach point – one any web host worth their credentials will refuse to allow. We work with around one hundred themes and your company is the only one we work with that sets any directory to 777. Themes stopped doing this years ago.
    Additionally if you have very basic users and their web host blocks them (which is happening in many web host platforms currently and increasing all the time) it will be a greater challenge to show them how to increase their permissions than it is to leave it wide open for the few that have insecure web host platforms – please stop catering to a few and be part of making WordPress as secure a platform as we can. You should always lead by example.
    You have an excellent reputation – it would be a waste of time to allow something as easy to fix as this ruin that reputation.

    A number of your themes were referenced in a web developers forum of themes that do not take security seriously – I am looking forward to posting that it has been taken care of. I really like your themes and would like to continue to recommend them.
    CJ

    #896310

    Hi,

    Thank you very much for all the input.
    We have forwarded to the developers.

    Best regards,
    Basilis

  • The topic ‘dynamic_avia 777 permissions’ is closed to new replies.
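
The thread reports that setting dynamic_avia to 755 by hand is undone when an update puts it back to 777, so a one-time chmod is not enough. The script below is an added example, not code from the theme or from any poster: it lists world-writable directories under a WordPress root and, with `--fix`, resets them to 755, returning a non-zero status so a scheduled job can alert when the mode regresses. The function names and the command-line form are hypothetical, and directory names are assumed to contain no newlines.

```shell
#!/bin/sh
# Added example (not from the thread): audit a WordPress tree for
# world-writable directories such as a dynamic_avia left at 777.

# Print every directory under $1 whose mode has the "other write" bit
# set (777, 757, 773, ...). -perm -0002 matches that single bit.
list_world_writable_dirs() {
    find "$1" -type d -perm -0002 -print
}

# Reset every world-writable directory under $1 to 755.
# Returns 0 if the tree was already clean, 1 if something had to be
# changed, so cron or a deploy hook can flag the regression.
harden_dirs() {
    found=$(list_world_writable_dirs "$1")
    [ -z "$found" ] && return 0
    printf 'resetting to 755:\n%s\n' "$found"
    find "$1" -type d -perm -0002 -exec chmod 755 {} +
    return 1
}

# Hypothetical usage:  audit.sh /path/to/wordpress [--fix]
# Without --fix the script only reports and exits 1 if anything is found.
if [ "$#" -gt 0 ]; then
    if [ "${2:-}" = "--fix" ]; then
        harden_dirs "$1"
    else
        out=$(list_world_writable_dirs "$1")
        [ -z "$out" ] || { printf '%s\n' "$out"; exit 1; }
    fi
fi
```

On hosts where PHP runs as a different user from the directory owner, 755 stops the theme from writing to the directory; the fix there is to correct ownership or group membership rather than to restore the world-writable bit.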