- Plesk for Linux
Note: This article has the reference to the issue with the fix available:
- #EXTWPTOOLK-1103 "The security checker “Permissions for files and directories” now agrees that 750 for directories is quite secure."
- WordPress Toolkit 3.1.0 19 April 2018
WordPress security checker shows alerts. Securing Wordpress with Security check of Wordpress toolkit does not take effect, red exclamation mark is shown again in Security checker
The following records can be found in /var/log/plesk/panel.log:
CONFIG_TEXT: Incorrect permissions on /var/www/vhosts/example.com/httpdocs/wp-content/wflogs/config.php: expected is one of 0644, actual is 0660
Incorrect permissions on /var/www/vhosts/example.com/httpdocs/wp-content/wflogs/rules.php: expected is one of 0644, actual is 0664
Incorrect permissions on /var/www/vhosts/example.com/httpdocs/wp-content/wflogs/wafRules.rules: expected is one of 0644, actual is 0660
Incorrect permissions on /var/www/vhosts/example.com/httpdocs/wp-content/wflogs/attack-data.php: expected is one of 0644, actual is 0660
Incorrect permissions on /var/www/vhosts/example.com/httpdocs/wp-content/wflogs/ips.php: expected is one of 0644, actual is 0660
- The files of WordFence plugin have the 660 permissions in the
# ls -la /var/www/vhosts/a2zathletics.com/httpdocs/wp-content/wflogs
-rw-rw---- 1 example psacln 40083 Sep 12 12:29 attack-data.php
-rw-rw---- 1 example psacln 1078866 Sep 12 12:31 config.php
-rw-rw---- 1 example psacln 51 Sep 12 12:31 ips.php
-rw-rw-r-- 1 example psacln 128057 Sep 12 12:31 rules.php
WordFence plugin is installed.
Wordfence plugin requires some files inside wp-content/wflogs directory to have different permissions that Security checker sets on them. This is a bug with ID EXTWPTOOLK-1103 which will be fixed in future Plesk updates.
The only way to get rid of red exclamation mark in Security checker, in this case, is disabling Wordfence plugin. Or just ignore the security checker's report.