I don't think you need to worry about the local permissions.
On a hosted site, /wp-content/uploads is not normally open to the public. It is used when a logged in WP user with appropriate WP rights desires to upload content using one of the upload/insert functions that appears above the post text field.
Unless you have enabled public ftp access to that directory, it should be available only to someone with a WP login and appropriate rights (for a linked upload using the built-in uploader) or to an ftp login with access to that directory. If it is available to public ftp, the thing to do is turn off the public ftp.
I have public ftp access turned off with my hosting service. The only way to ftp to my site to use my personal ftp username and pword.
In other words, if your server security is set properly, the local rights on that directory are a non-issue. If people can't get in the front door, they won't get in the closet.
And if a bad guy is sitting at your server doing bad stuff at the keyboard, you have security problems far more serious than permissions issues.
|