I’m concerned about leaving wp-config.php writable. Isn’t this considered a vulnerability or does your plugin somehow circumvent this vulnerability?
It makes it non writable (4-0-0).
For instance once enabled if you go into permalink settings you will get a warning saying WordPress can not write to htaccess file so you need to make changes manually or enable write permissions.
As for the curl_exec I have no idea…
My wp-config is set to 444 after having fully configured iThemes Security.
- Should I manually remedy the permission?
- My wp-config is moved up one directory for security. Does this prevent iThemes Security from doing its job?
Sorry for taking so long to reply, …this support forum /*shoots self in the head */
1. Yes make it 400.
2. No, if wordpress can find it ithemes can. That’s fine.
3. Please mark thread as solved, if you figured it out.
The answer to your curl question, from your initial post, related to iTSec plugin is NO.
The iTSec plugin uses curl as a fallback mechanism in only 1 function (get_ssl()).
This function is used to determine whether the server supports SSL.
It will first attempt to use the WordPress HTTP API (wp_http_supports()) and if that fails it will try to use curl (if (function_exists( ‘curl_init’ )) { ).
So I guess it’s safe to disable the curl_exec() function.
dwinden
If your questions were answered to your satisfaction please mark this topic as ‘resolved’.
dwinden
Thanks for the confirmation on curl_excec() and the wp-config.php location/permissions.
I’m very satisfied with this plugin.