opendir failed to open dir in class-itsec-file-change.php line 452

@jim Camomile & @galbaras

It’s a security issue in iThemes Security plugin right from the version 4.3.2
We have been investigating for this PHP warning on several wordpress installations. Yesterday, found that one or both of the following generating PHP Warning messages. All these PHP warnings can also be seen at error_log files in wordpress installation root directory and wordpress own directory (if wp installated in its own directory).

These PHP warnings revealing cPanel user names and directory structure of the wordpress installations. It is a security breach.

We suggest the following actions from admins as a temporary solution to make a check not to reveal such vital info to public.

Under file change detection>>
1).Deselect “Split File Scanning”

2).From drop down options for “Include/Exclude Files and Folders”
select “Exclude Selected”

3).From “Files and Folders List” add directories similar to the following:
wp-content/cache/
wp-content/uploads/ithemes-security/

Depending on word press installation and plugins installed along with iThemes Security, any one or all of the above said 3 setups will give you peace of mind.

Mainly first option from the above, “Split File Scanning” generating PHP warnings even cache plugins not installed. Even fresh installation of wordpress with this setup generating php warnings.

I hope plugin authors might release fix for this in the upcoming versions.

Note: Some search engines revealing these error info along with website url in search results. If any one of your sites data is revealing in search engines like google, then request for removal of that info from search results through webmaster tools.

Hey galbara!
Happy to hear that you found and fixed you problem. 😀

Hay @ Giorgio25b
Great to hear that. 😀