I’ve read articles about protecting wp-config.php using .htaccess as well as setting the correct file permissions but I want it all in one place. What should my .htaccess file look like and what folders is it safe to have 777 vs 755 permissions?
Hardening WordPress on the WordPress Codex is a very good article on how to secure your WordPress blog, which goes into quite some detail on file permissions, as well as some other methods of securing WP.
Generally, it’s never a good idea to have 777 set on anything. Read the links Thomas provided for more detail, but as a general rule 755 for folders and 644 for files is a good practice.
I am not an expert on this, but I hear that there is no need for .htaccess if you are using newer versions of Apache (IIS had this feature for quite some time.) You can disable directory browsing in your Apache config. It is the Indexes option in the Options directive of the Directory directive.
I don’t know if 777 is required by any. 755 is probably safe for content folders.
There are 3 type of users in apache, or almost any webserver
users, groups, other
add user give him right permissions add him in webserver write permissioned group
give him owner ship of web root ,
also see these to links