xefix

Hello Dave,

The setup that I’m talking about: we have cPanel setup with multiple users.
The files under …/user-account/public_html are owned by the user:user (755 for directories and 644 for files), and this is the default setup for cPanel.
The apache/php processes are run under the “nobody” user (www-data, same thing).
The files created by WordPress (cache files, images, etc) are created with the 644 permissions (the umask that the php process is using) – this works as intended.

The Wordfence plugin is explicitly setting the files permissions to 600 – and I am assuming that the plugin is ignoring these files and re-writes them on every page load – which I am not sure that is the intended behaviour(if the plugin works correctly for websites that are hosted on cPanel).