Hi,
I'm looking at the security of my sites.
I changed the file permissions for config.php and config.advanced.php to 400.
The folders are on 755 (I have suphp) and all other files are on 644.
What would be the right permissions for the .htaccess file and do you have any more suggestions on tightening the security?
Hi Marco,
With the config files set to owner read only assuming that everything works that's fine - it's only whatever user Apache is running as that requires access - and quite often that's a user such as www-data so that should be fine.
Bear in mind that Apache has tight security over any filename beginning . anyway, but assuming that everything's working with the config files set to 400 then that would be the tightest option available for .htaccess also...
The admin area has built in cookie security but some users choose to apply .htaccess HTTP authentication as well as / instead of which can normally be set-up through your hosting control panel - using the File Manager function look for a "Password Protect" option which should do the trick although it can be set-up manually of course using the htpasswd script - let me know if you need any pointers regarding that...
Cheers,
David.
--
PriceTapestry.com