CMS Made Simple Forums

Hi

Now that I have CMSMS up and running, can anyone advise me on how to make sure my installation is secure?

Is there a default set of values say, for the .htaccess? I know that the installation documentation stipulates that certain folders need a CHMOD of 777; but I've read somewhere that this can make those folders susceptible to hacking! Is this correct?

Does anyone know of a good place to start where I can get the low-down on things like .htaccess ect..?

The thing is I like many people that are probably using this CMS, I know enough to get me from A to B but not C!

Basically the 777 is only needed for directories that the web server needs to write too.  Uploads, because when you upload a file from the file manager, then it's actually getting written by the web server.

Everything else should be safe with a 755, meaning that the web server can only read them.

777 isn't technically opening the directory up to hacking.  It just means that it's not as locked down as it "should" be. But, that's part of the risks (I'm using this word, though it's a little harsh for this context) of being able to have a web service write files for you.