Revert security measures in wordPress toolkit that can't be reverted.

Cultidev

Member
Aug 16, 2022
13
1
3
South Africa
cPanel Access Level
Reseller Owner
Hi All,

I recently used the WordPress toolkit for the first time and activated all the security measures. Unfortunately the setting "Restrict access to files and directories" breaks my Wordfence security. I believe this is the setting breaking my WordFence security.

It says it can't be reverted but I really need to revert this setting. Is there any other possible way to revert this setting to see if this fixes my issue?

Thank you for your input!

Regards
 
Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
12,499
1,971
363
cPanel Access Level
Root Administrator
The WordPress Toolkit team confirmed that this removes insecure permissions from files and directories in WordPress. For example, if a file had 755 permissions, it would remove the "rw" permission for the "other" user.

Was there a specific complaint from the Wordfence configuration? Maybe there was a specific file that needed to be adjusted while that installation happens?
 

Cultidev

Member
Aug 16, 2022
13
1
3
South Africa
cPanel Access Level
Reseller Owner
Hi,

Kindly see what Wordfence said below:

Wordfence through the www-data user on your server requires physical file access for its log files and firewall rule updates. The firewall optimization is achieved by altering the auto_prepend_file directive in your .htaccess file and running this before site content is hosted to any visitors requesting pages on your site.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
12,499
1,971
363
cPanel Access Level
Root Administrator
Thanks for that information. I'm guessing the "www-data" user is just the username on the account. Can you try changing the permissions on the local .htaccess file to 755 to see if that allows Wordfence to run? Assuming this is in the public_html directory, you'd just need to run this command and change the cPanel username:

chmod 755 /home/username/public_html/.htaccess
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
12,499
1,971
363
cPanel Access Level
Root Administrator
I'm not certain why that would be the case. You may need to reach out to your hosting provider or datacenter to have them check the issue, since your cPanel account doesn't have the access necessary to examine the server settings.
 

Cultidev

Member
Aug 16, 2022
13
1
3
South Africa
cPanel Access Level
Reseller Owner
Hi,

I contacted my host and they run the command and the file’s permission is 755 but it seems like it’s still breaking Wordfence’s firewall.

I think I’m going to send a screenshot of all the settings in WordPress Toolkit and ask Wordfence which ones coould break the WordFence firewall.

Regards