Support » Plugin: EasyRotator for WordPress - Slider Plugin » Insecure Permission (777)

  • Resolved j.dominionated

    (@quickbeforeitmelts)


    I have recently added a new Rotator to my Dreamhost hosted site, and received an email notice about insecure permissions that DreamHost was able to remedy. There has been no adverse affect to the site or the rotator, but the issue came up a second time when I installed another rotator, and I’m concerned that this may be an ongoing issue if I install more of my planned rotators, and I don;t want my website flagged for being a security risk to the rest of the server.

    Is there a way to fix these insecure permissions or address the installation of the plugin to avoid this from happening every time a rotator is installed?

    Files/folders with permission issues:
    …/wp-content/uploads/EasyRotatorStorage/user-content/erc_42_1436124412/content/content.html

    https://wordpress.org/plugins/easyrotator-for-wordpress/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author DWUser

    (@dwusercom)

    Hi,

    Thanks for using EasyRotator! In the easyrotator-for-wordpress/engine/main.php file, the program will attempt to update folders using chmod if they are not initially writable. You can run a search/replace for

    0777

    and replace it with e.g.

    0666

    That should ensure that any files whose permissions get modified are writable but not executable. Files are filtered when they are uploaded to this directory, and they can only be uploaded by fully authenticated users, but another rogue script or process could potentially deposit files there that could pose a threat.

    Let me know if there’s anything else I may assist with!

    Sincerely,
    Drew O’Neill

    Thread Starter j.dominionated

    (@quickbeforeitmelts)

    Thanks for the prompt reply. Ran a search and replace and will let you know if any firther issues arise.

    This is one of my favourite plugins!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Insecure Permission (777)’ is closed to new replies.