Security

nicolafw

As I got hacked very badly, I want to be on the save side in the future. The main thing is of course to keep the installation updated.

But what else can I do? Permissions are on 755. Does it help to password protect directories like wp-core and wp-data?

acrylian

You mean zp-core and zp-data? If your server is properly configured the right permissions should be actually enough. Maybe disable directory listing as well.

Generally you could protect the folder via htaccess but Zenphoto needes to be able to write logs or config files (on setup) to the zp-data folder. We try to make it that zp-core can be read only but that starts with 1.4.2 rc2.