I noticed that I have some files on my sites with 0777 permission, the rest are 0644. All my folders are 0755

I read that all files should be 0644, is that correct? I have no idea why I have those 0777, I never changed anything.
Please advice if I should change them to 0644.

thanks

You need to understand what those numbers mean before you go changing them willy-nilly.

It's usually described as three permission levels - the owner of the file, the group to which that owner belongs (not really relevant in this kind of hosting - used in a corporate setup), and the rest of the world. (I'm not sure what the leading "0" applies to - it doesn't appear to be used anywhere.)

Then there are three possible access levels (read, write, execute). The numbers are simple octals. So:

* 0 = no permissions whatsoever; this person cannot read, write, or execute the file
* 1 = execute only
* 2 = write only
* 3 = write and execute (1+2)
* 4 = read only
* 5 = read and execute (4+1)
* 6 = read and write (4+2)
* 7 = read and write and execute (4+2+1)

So, a "644" means that the owner of the file can read and write to it, the group and world can only read it. Note that with this setting, not even the owner can execute the file, which, if it's a server-side script, is going to cramp your style somewhat!

where the 0777 appears are just plain html files like the rest of my html files that have 0644.
I just don't see why some files are 0777 and others 0644.
I read that 0777 can be a security risk, that's why I'm asking if I should change these files to 0644.

For plain static HTML and CSS files, 644 would be correct - you can read and write, everyone else can just read. They aren't executables, so there's no need for execute permission for anyone, and visitors should never be writing to them.

Some files are 777 because the entire world actually does need to be able to read, write, and execute them. But not plain HTML files.

Directories are set at 755 (r/w/e for you, r/e for the world) because in order to access the files in a directory, "execute" permission is needed (tough to explain why "read" isn't good enough, but it isn't). So leave directories in public_html set to 755, or you'll have problems.

No one can access anything outside of public_html at all, of course, so whatever permissions are on those files should probably be left alone.

Files that have been created by a script installation, like Wordpress or Joomla, should also be left alone unless you find some very specific instructions about changing them, along with a very specific reason for doing so. Otherwise, things are going to break!

ok thanks, I will change these 0777 files permissions to 0644

Depending on the CMS script you have, I also suggest that you chmod 444 all index files. This is a security step for index injection. Most Open source scripts are getting affected.

Depending on the CMS script you have, I also suggest that you chmod 444 all index files. This is a security step for index injection. Most Open source scripts are getting affected.
I don't have any CMS, only a coppermine gallery and the rest of my site is static html