Skip to main content

Revert security measures in wordPress toolkit that can't be reverted.

Comments

17 comments

  • cPRex Jurassic Moderator
    Hey there! It's possible that this makes too many changes to be easily reversed, but I have reached out to the WordPress Toolkit team with this question and I'll let you know what I find out!
    0
  • Cultidev
    Hi, Thank You!
    0
  • cPRex Jurassic Moderator
    The WordPress Toolkit team confirmed that this removes insecure permissions from files and directories in WordPress. For example, if a file had 755 permissions, it would remove the "rw" permission for the "other" user. Was there a specific complaint from the Wordfence configuration? Maybe there was a specific file that needed to be adjusted while that installation happens?
    0
  • Cultidev
    Hi, Kindly see what Wordfence said below: Wordfence through the www-data user on your server requires physical file access for its log files and firewall rule updates. The firewall optimization is achieved by altering the auto_prepend_file directive in your .htaccess file and running this before site content is hosted to any visitors requesting pages on your site.
    0
  • Cultidev
    I hope that helps.
    0
  • cPRex Jurassic Moderator
    Thanks for that information. I'm guessing the "www-data" user is just the username on the account. Can you try changing the permissions on the local .htaccess file to 755 to see if that allows Wordfence to run? Assuming this is in the public_html directory, you'd just need to run this command and change the cPanel username: chmod 755 /home/username/public_html/.htaccess
    0
  • Cultidev
    Just to confirm I run that command in the cPanel terminal?
    0
  • cPRex Jurassic Moderator
    That's correct - it doesn't matter if this is run as root or the cPanel user. Just make sure to change "username" to your actual cPanel username.
    0
  • Cultidev
    I think I don't have access to the terminal. I couldn't see the terminal and after doing a quick search in cPanel, I get no results when searching terminal.
    0
  • cPRex Jurassic Moderator
    You can also do this from the right column of cPanel >> File Manager - I've attached a screenshot showing an example of that area, and you just click on the permission numbers to edit them.
    0
  • Cultidev
    Hi, I changed it and when I refreshed it reverted back to 644.
    0
  • cPRex Jurassic Moderator
    I'm not certain why that would be the case. You may need to reach out to your hosting provider or datacenter to have them check the issue, since your cPanel account doesn't have the access necessary to examine the server settings.
    0
  • Cultidev
    Ok, will contact them and check. Thanx
    0
  • cPRex Jurassic Moderator
    Let me know what they have to say!
    0
  • Cultidev
    Ok, Will do. Thank you for your assistance thus far!
    0
  • Cultidev
    Hi, I contacted my host and they run the command and the file"s permission is 755 but it seems like it"s still breaking Wordfence"s firewall. I think I"m going to send a screenshot of all the settings in WordPress Toolkit and ask Wordfence which ones coould break the WordFence firewall. Regards
    0
  • cPRex Jurassic Moderator
    Thanks - let me know what they say!
    0

Please sign in to leave a comment.