Issue
I'm currently using WordPress 3.5 on nginx/1.2.6 with a PHP-FPM web server setup on my VPS. I noticed a major security problem: whenever I upload a WordPress plugin, it would default all the directories and files to 777 permissions. This would mean that I would need to correct these file permissions manually. I was wondering if anyone else out there had experienced this or has an idea what is causing this and how to fix it so it properly sets the correct permissions.
Any supportive advice would be greatly appreciated.
Solution
Just having a folder with 777 permissions doesn't mean there is a security issue. If there is a buggy PHP uploader, then hackers could put a backdoor file in those folders. AFAIK WordPress needs writable folders for uploading and installing plugins. If you keep your WordPress up to date and you don't have a buggy PHP uploader, you are not at risk.
Answered By - Vahid Farahmand Answer Checked By - Terry (WPSolving Volunteer)
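
For the manual correction described in the question, a way to find and reset world-writable entries after a plugin upload. This is an added example, not part of the original question or answer; the function names are hypothetical, and the target modes (755 for directories, 644 for files) are an assumption about what "correct" means for this setup.

```shell
#!/bin/sh
# Added example: audit and repair world-writable modes under a WordPress tree.
# Function names are hypothetical; 755/644 are assumed target modes.
# Usage (path is a placeholder):
#   list_world_writable /path/to/wordpress/wp-content/plugins
#   fix_world_writable  /path/to/wordpress/wp-content/plugins

# Print every regular file or directory under $1 that has the
# world-writable bit (o+w) set. Symlinks are skipped on purpose:
# their own mode is not meaningful and chmod would follow them.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Print how many world-writable entries exist under $1.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Reset only the world-writable entries under $1.
# Entries that are already stricter (for example a 600 key file)
# are left untouched rather than being widened to 644.
fix_world_writable() {
    find "$1" -type d -perm -0002 -exec chmod 755 {} +
    find "$1" -type f -perm -0002 -exec chmod 644 {} +
}
```

Running `count_world_writable` right after each plugin install shows whether the 777 defaults are still being applied.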