Suspicious files and permissions: what they can indicate
Short answer: Unexpected PHP in upload folders, world-writable directories, or files with recent timestamps outside deploy windows often signal compromise—or risky plugin behaviour worth fixing.
You do not need to become a forensic expert; you need enough literacy to spot “this should not exist” and escalate early.
Permission patterns that matter
- Uploads and cache dirs: should not execute PHP; if they can, that is high risk.
- Config files: should not be world-readable on shared hosting beyond what the host requires.
- Sudden changes: mass-edited files the same night you installed an unknown plugin deserve scrutiny.
Filenames and locations to watch
Obscure PHP files with random names, duplicated “index.php” in odd paths, or giant base64 blobs in theme folders are common red flags. Compare against a clean reference (staging or vendor package) when unsure.
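A read-only audit covering the patterns above, as an added example (not code from the original page): it walks a web root and reports PHP files inside upload or cache directories, world-writable entries, files outside those directories modified after the last deploy, and PHP files carrying a long base64 run. The directory names, the 2000-character threshold and the finding labels are assumptions; it does not test whether the server would actually execute PHP in those folders.

```python
import os
import re
import stat
import sys

# Assumed directory names for uploads and caches; adjust to your site layout.
NO_PHP_DIRS = {"uploads", "cache"}
PHP_EXT = (".php", ".phtml", ".phar")
# A long unbroken base64 run, matching the "giant blob" red flag.
B64_RUN = re.compile(rb"[A-Za-z0-9+/=]{2000,}")


def audit(root, last_deploy_epoch):
    """Return sorted (finding, relative_path) tuples for entries under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        in_no_php = bool(set(os.path.relpath(dirpath, root).split(os.sep)) & NO_PHP_DIRS)
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits are not meaningful
            if st.st_mode & stat.S_IWOTH:
                findings.append(("world-writable", rel))
            if not stat.S_ISREG(st.st_mode):
                continue
            is_php = name.lower().endswith(PHP_EXT)
            if is_php and in_no_php:
                findings.append(("php-in-upload-or-cache", rel))
            # Uploads and caches change constantly, so only code paths are
            # compared with the deploy time. mtime can be forged; treat a hit
            # as a prompt to diff against the clean reference, not as proof.
            if not in_no_php and st.st_mtime > last_deploy_epoch:
                findings.append(("modified-after-deploy", rel))
            if is_php:
                with open(path, "rb") as fh:
                    if B64_RUN.search(fh.read(5_000_000)):
                        findings.append(("large-base64-blob", rel))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit.py /path/to/webroot <last deploy as Unix time>
    for kind, rel in audit(sys.argv[1], float(sys.argv[2])):
        print(f"{kind}\t{rel}")
```

Run it against a clean staging copy first so you know which findings are normal for your stack before reading the production output.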
Healthy habit: known-good deploys
Track releases in git or a changelog so you can diff “what changed” when something looks wrong. Chaos without version history turns every alert into guesswork.
Frequently asked questions
Will my security plugin catch everything?
Plugins help but are not infallible. Layer host-level scanning, backups, and least-privilege accounts.
Are “permission 777” folders ever OK?
Rarely on modern stacks—treat 777 as a smell unless your host documents a specific exception.