Wordpressframework~30 mins

File permission hardening in Wordpress - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Perf

File permission hardening in WordPress

📖 Scenario: You are managing a WordPress website. To keep your site safe, you need to set the correct file permissions. This helps stop hackers from changing important files.

🎯 Goal: You will create a simple WordPress plugin that sets secure file permissions for key WordPress files and folders automatically.

📋 What You'll Learn

Create a plugin folder and main PHP file

Define a configuration variable for permission mode

Write a function to set permissions on WordPress files and folders

Hook the function to run when the plugin is activated

💡 Why This Matters

🌍 Real World

Setting correct file permissions is a key security step for WordPress sites to prevent unauthorized file changes.

💼 Career

WordPress developers and site administrators often need to write plugins or scripts to automate security hardening tasks like file permission management.

Progress0 / 4 steps

Create the plugin main file

Create a PHP file called file-permission-hardening.php with the WordPress plugin header including Plugin Name: File Permission Hardening and Version: 1.0.

Wordpress

<?php
/*
Plugin Name: File Permission Hardening
Version: 1.0
*/

// Your code here

Need a hint?

The plugin header must be at the top of the PHP file inside a comment block.

Add a configuration variable for permissions

Add a variable called $permission_mode and set it to 0644 for files permission mode.

Wordpress

<?php
/*
Plugin Name: File Permission Hardening
Version: 1.0
*/

// Define permission mode
// Your code here

Need a hint?

Use an octal number for permission mode. Prefix with 0.

Write the function to set file permissions

Write a function called set_secure_permissions that uses chmod to set $permission_mode on wp-config.php file in the WordPress root folder. Use ABSPATH constant to get the root path.

Wordpress

<?php
/*
Plugin Name: File Permission Hardening
Version: 1.0
*/

$permission_mode = 0644;

// Define function to set permissions
// Your code here

Need a hint?

Use global $permission_mode; inside the function to access the variable.

Hook the function to plugin activation

Use register_activation_hook with __FILE__ and set_secure_permissions to run the function when the plugin is activated.

Wordpress

<?php
/*
Plugin Name: File Permission Hardening
Version: 1.0
*/

$permission_mode = 0644;

function set_secure_permissions() {
    global $permission_mode;
    $config_file = ABSPATH . 'wp-config.php';
    if (file_exists($config_file)) {
        chmod($config_file, $permission_mode);
    }
}

// Hook function to plugin activation
// Your code here

Need a hint?

This hook runs your function when the plugin is activated in WordPress admin.