- Plesk for Linux
Note: This article has the reference to the issue with the fix available:
- #EXTWPTOOLK-1103 "The security checker “Permissions for files and directories” now agrees that 750 for directories is quite secure."
- WordPress Toolkit 3.1.0 19 April 2018
WordPress security checker shows alerts. Securing Wordpress with Security check of Wordpress toolkit does not take effect, red exclamation mark is shown again in Security checker
The following records can be found in /var/log/plesk/panel.log:
CONFIG_TEXT: Incorrect permissions on /var/www/vhosts/example.com/httpdocs/wp-content/wflogs/config.php: expected is one of 0644, actual is 0660
Incorrect permissions on /var/www/vhosts/example.com/httpdocs/wp-content/wflogs/rules.php: expected is one of 0644, actual is 0664
Incorrect permissions on /var/www/vhosts/example.com/httpdocs/wp-content/wflogs/wafRules.rules: expected is one of 0644, actual is 0660
Incorrect permissions on /var/www/vhosts/example.com/httpdocs/wp-content/wflogs/attack-data.php: expected is one of 0644, actual is 0660
Incorrect permissions on /var/www/vhosts/example.com/httpdocs/wp-content/wflogs/ips.php: expected is one of 0644, actual is 0660
WordFence plugin is installed.
Wordfence plugin requires some files inside wp-content/wflogs directory to have different permissions that Security checker sets on them. This is a bug with ID EXTWPTOOLK-1103 which will be fixed in future Plesk updates.
The only way to get rid of red exclamation mark in Security checker, in this case, is disabling Wordfence plugin. Or just ignore the security checker's report.