{"id":4328,"date":"2018-10-22T12:58:53","date_gmt":"2018-10-22T18:58:53","guid":{"rendered":"https:\/\/www.whitefirdesign.com\/blog\/?p=4328"},"modified":"2018-10-22T12:58:53","modified_gmt":"2018-10-22T18:58:53","slug":"making-an-unnecessary-change-to-a-website-that-breaks-updates-is-not-good-for-security","status":"publish","type":"post","link":"https:\/\/www.whitefirdesign.com\/blog\/2018\/10\/22\/making-an-unnecessary-change-to-a-website-that-breaks-updates-is-not-good-for-security\/","title":{"rendered":"Making an Unnecessary Change to a Website That Breaks Updates is Not Good for Security"},"content":{"rendered":"<p>There is a nearly endless amount of bad security advice for websites, so someone has to try hard to make theirs stands out, but that is what something we happened to run across recently from a company named\u00a0ENDURTECH did.<\/p>\n<p>Their post,\u00a0https:\/\/endurtech.com\/setting-proper-chmod-permissions-for-wordpress-wp-config-php-and-htaccess\/, suggested that you should change the permissions on a couple of WordPress files to the &#8220;proper&#8221; permissions:<\/p>\n<blockquote><p>Set CHMOD Permissions to 444 on the following files:<\/p>\n<ul>\n<li>.htaccess<\/li>\n<li>wp-config.php<\/li>\n<\/ul>\n<\/blockquote>\n<p>Those are not the proper permissions (if they were, you would assume that WordPress would set them that way for you) and they don&#8217;t make sense from a security perspective seeing as permissions only come in to play if someone has access to the files. In a normal hosting setup the only people that would have access to the files would also have permission to change the files permissions, so if you where to change those as suggested there, which would restrict editing the files, then those with access could change the permissions to be able to edit the files again, so this doesn&#8217;t provide a real benefit for most websites.<\/p>\n<p>Bad advice is very common, what made this stand out is what is stated before that in the post:<\/p>\n<blockquote><p>Please note that doing as suggested within this article will no doubt eventually\u00a0<strong>cause issues with\u00a0WordPress plugin\u00a0updates and maybe even\u00a0WordPress\u00a0core updates<\/strong>.<\/p>\n<p>This is because these files are no longer \u201c<em>editable<\/em>\u201c.\u00a0 Great for security, bad for updates.<\/p>\n<p>Just keep this in mind and visit your website from time to time to make sure that your updates are completing correctly<\/p><\/blockquote>\n<p>Keeping software updated will actually have a positive impact on security, so they are suggesting doing something that isn&#8217;t useful that by their own admission makes something useful harder, which is bad idea.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There is a nearly endless amount of bad security advice for websites, so someone has to try hard to make theirs stands out, but that is what something we happened to run across recently from a company named\u00a0ENDURTECH did. Their post,\u00a0https:\/\/endurtech.com\/setting-proper-chmod-permissions-for-wordpress-wp-config-php-and-htaccess\/, suggested that you should change the permissions on a couple of WordPress files to &hellip; <a href=\"https:\/\/www.whitefirdesign.com\/blog\/2018\/10\/22\/making-an-unnecessary-change-to-a-website-that-breaks-updates-is-not-good-for-security\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Making an Unnecessary Change to a Website That Breaks Updates is Not Good for Security&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25],"tags":[234],"class_list":["post-4328","post","type-post","status-publish","format-standard","hentry","category-bad-security","tag-endurtech"],"_links":{"self":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/4328","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/comments?post=4328"}],"version-history":[{"count":7,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/4328\/revisions"}],"predecessor-version":[{"id":4344,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/4328\/revisions\/4344"}],"wp:attachment":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/media?parent=4328"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/categories?post=4328"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/tags?post=4328"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}