Support » Plugin: Salt Shaker » UNSAFE file permissions set by plugin

  • I’ve been using this plugin for a long time to try to help harden WordPress installs against hackers.

    I recently noticed that the file permissions on the wp-config.php files kept being changed to 666 and thought that my sites had been hacked.

    By pure luck and chance, while looking at a site error log, I found that this file wp-content/plugins/salt-shaker/_inc/core.class.php has this code towards the bottom:

    //set the recommended permissions to wp-config.php read:

    chmod($config_file, 0666);

    This changes the permissions on your wp-config.php file to 666, meaning that the whole world can read and write to your wp-config file!!!!! WTF!
    Anyone would have total access to server paths, database details as well as password, etc.

    Additionally, I have noted that while it is changing the SALTS, it still allows me to remain logged into the site instead of logging ALL users out as it should.



    • This topic was modified 3 years, 6 months ago by wiredafrican.
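
A way to check for the condition reported in the post above, as an added example that is not part of the original post or the plugin's code: a POSIX shell audit that finds wp-config.php files whose mode grants any access to "other" or write access to "group", and can reset them. The function names, the 0027 mask and the 600 repair mode are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example (not the plugin's code): find wp-config.php files whose mode
# grants any access to "other" or write access to "group", e.g. the 666 above.
# The 0027 mask and the 600 repair mode are assumptions; adjust to your host.

# Print a file's octal mode (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed when the octal mode string in $1 has any bit of mask 0027 set.
mode_is_unsafe() {
    [ $(( 0$1 & 0027 )) -ne 0 ]
}

# audit_wp_config ROOT [fix]
# Prints "UNSAFE <mode> <path>" per finding; with "fix" also resets it to 600.
# Returns 0 when nothing unsafe was found, 1 otherwise.
audit_wp_config() {
    root=$1
    action=${2:-report}
    unsafe=0
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        mode=$(file_mode "$f")
        if mode_is_unsafe "$mode"; then
            unsafe=$((unsafe + 1))
            printf 'UNSAFE %s %s\n' "$mode" "$f"
            if [ "$action" = fix ]; then chmod 600 "$f"; fi
        fi
    done <<EOF
$(find "$root" -type f -name wp-config.php)
EOF
    [ "$unsafe" -eq 0 ]
}

# Constructed demo: two throwaway sites, one with the 666 mode from the post.
demo=$(mktemp -d)
mkdir -p "$demo/site-a" "$demo/site-b"
: > "$demo/site-a/wp-config.php"; chmod 666 "$demo/site-a/wp-config.php"
: > "$demo/site-b/wp-config.php"; chmod 640 "$demo/site-b/wp-config.php"
audit_wp_config "$demo" fix || echo "unsafe modes found and reset to 600"
audit_wp_config "$demo" && echo "all wp-config.php files now pass"
rm -rf "$demo"
```

Because the post describes the mode being changed back repeatedly, running the report form on a schedule and alerting on a non-zero exit status shows when the permissions regress.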
  • The topic ‘UNSAFE file permissions set by plugin’ is closed to new replies.