BulletProof Security
[resolved] Can't change permissions on certain files (5 posts)

  1. snowmoon
    Member
    Posted 2 years ago #

    Hi

    I've been installed BPS after a hack on my site. Pleased with how things are going at the moment but have a question. On the "Security Status" page, it's showing me a few files with recommended permissions. For example,

    ../.htaccess (recommended) 404 (current) 644

    but when I tried to change it to 404, it immediately reverts to 644.

    Any idea why this is and how I can get around this?

    Thank you!

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    Did you completely restore your website from a known good backup? BPS is designed to protect your website from being hacked, but if it was already hacked or the hackers' code is actually still within your website files or database, then BPS is not designed to do things like automatically clean up a hacked website or protect against hackers' code that is already within your website.

    What SAPI type is BPS detecting? CGI or DSO? DSO file permissions should not and sometimes cannot be set any more restrictive than 644 permissions. Also some web hosts have limitations on file and folder permissions that you can use on your Hosting account. Check with your Web Host to see what requirements / limitations you have for your particular Hosting Account.

  3. snowmoon
    Member
    Posted 2 years ago #

    My SAPI is CGI. I have just read the Read Me file for File and Folder Permissions and I understand now about some hosts restricting permissions. Sorry, I should have read it before!

  4. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    Well don't just give up on trying to change the file permissions. ;) Check with your Host. This is actually something that is very important to do so it is worth knowing where you stand with your Host. Mass Code Injection attacks on Web Host Servers exploit Group Permissions to carry out a successful hack. So it is important that you should remove Group Permissions from your root .htaccess file. The hackers target these files specifically in mass code injection attacks. Root .htaccess, Root index.php and Root wp-blog-header.php.

  5. snowmoon
    Member
    Posted 2 years ago #

    Thanks. I will check with my host and see what they say.
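
An added example, not part of the thread or of the BPS plugin: a shell check for the point in AITpro's reply about group permissions on the root .htaccess, index.php and wp-blog-header.php, which also re-reads the mode after a change to catch the "reverts to 644" symptom from the first post. The function names and the WordPress path argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit the three root files named above
# for group permission bits, and check whether a tighter mode actually sticks.

# Octal mode of a file: GNU stat first, BSD stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeeds (0) when any group bit (r, w or x) is set on the file.
has_group_bits() {
    m=$(file_mode "$1") || return 2
    [ $(( (0$m >> 3) & 7 )) -ne 0 ]
}

# Report "<file> <mode> <status>" for each root file in a WordPress directory.
audit_wp_root() {
    for f in .htaccess index.php wp-blog-header.php; do
        if [ ! -f "$1/$f" ]; then
            echo "$f - missing"
        elif has_group_bits "$1/$f"; then
            echo "$f $(file_mode "$1/$f") group-bits-set"
        else
            echo "$f $(file_mode "$1/$f") ok"
        fi
    done
}

# Apply a mode (default 404, the value the Security Status page recommended)
# and re-read it, so a host that does not keep the new mode is detected.
restrict_and_verify() {
    target=${2:-404}
    [ -f "$1" ] || { echo "missing"; return 1; }
    chmod "$target" "$1" 2>/dev/null || :
    now=$(file_mode "$1")
    if [ "$now" = "$target" ]; then
        echo "applied $now"
    else
        echo "not-applied $now"
        return 1
    fi
}

# Usage: sh audit.sh /path/to/wordpress   (path is a placeholder)
if [ "$#" -gt 0 ]; then audit_wp_root "$1"; fi
```

A "not-applied" result is the case to take to the web host, as the reply above advises.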
