Part of securing a WordPress installation is checking up on your file permissions. In order to prevent overwriting by malicious code, limit the permissions to read-only except where necessary.
Here’s a good start:
Relative Path | Suggested permissions |
---|---|
/ | 0755 |
/wp-admin | 0755 |
/wp-includes | 0755 |
/wp-config.php | 0444 |
/wp-content | 0755 |
/wp-content/themes | 0755 |
/wp-content/plugins | 0755 |
.htaccess | 0444 |
I should also mention that I highly recommend WordFence for securing the internal WP system itself.