Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By calso000 on
After running the Security Review Module, there was a statement saying something to the effect that the permissions should not be set to "Write."
After speaking with my hosting company (hostgator) they informed that it was standard for files to have 644 permissions and folders to have 755 permissions.
Any thoughts on this being okay?
Thanks!
Comments
I am guessing we are talking
I am guessing we are talking about settings.php which you should change to be non-writable.
The security review module
The security review module says:
----
"Some files and directories in your install are writable by the server."
"It is dangerous to allow the web server to write to files inside the document root of your server. Doing so would allow Drupal to write files that could then be executed. An attacker might use such a vulnerability to take control of your site. An exception is the files directory which Drupal needs permission to write to in order to provide features like file attachments."
----
Is there anything special that I should do with the settings.php file? There are passwords, user names and database info in there....
Thanks!