Revert security measures in wordPress toolkit that can't be reverted.

[Cultidev]

Hi All,

I recently used the WordPress toolkit for the first time and activated all the security measures. Unfortunately the setting "Restrict access to files and directories" breaks my Wordfence security. I believe this is the setting breaking my WordFence security.

It says it can't be reverted but I really need to revert this setting. Is there any other possible way to revert this setting to see if this fixes my issue?

Thank you for your input!

Regards

 

[cPRex]

Hey there! It's possible that this makes too many changes to be easily reversed, but I have reached out to the WordPress Toolkit team with this question and I'll let you know what I find out!

 

[Cultidev]

Hi,
Thank You!

 

[cPRex]

The WordPress Toolkit team confirmed that this removes insecure permissions from files and directories in WordPress. For example, if a file had 755 permissions, it would remove the "rw" permission for the "other" user.

Was there a specific complaint from the Wordfence configuration? Maybe there was a specific file that needed to be adjusted while that installation happens?

 

[Cultidev]

Hi,

Kindly see what Wordfence said below:

Wordfence through the www-data user on your server requires physical file access for its log files and firewall rule updates. The firewall optimization is achieved by altering the auto_prepend_file directive in your .htaccess file and running this before site content is hosted to any visitors requesting pages on your site.

 

[Cultidev]

I hope that helps.

 

[cPRex]

Thanks for that information. I'm guessing the "www-data" user is just the username on the account. Can you try changing the permissions on the local .htaccess file to 755 to see if that allows Wordfence to run? Assuming this is in the public_html directory, you'd just need to run this command and change the cPanel username:

chmod 755 /home/username/public_html/.htaccess

 

[Cultidev]

Just to confirm I run that command in the cPanel terminal?

 

[cPRex]

That's correct - it doesn't matter if this is run as root or the cPanel user. Just make sure to change "username" to your actual cPanel username.

 

[Cultidev]

I think I don't have access to the terminal. I couldn't see the terminal and after doing a quick search in cPanel, I get no results when searching terminal.

 

[cPRex]

You can also do this from the right column of cPanel >> File Manager - I've attached a screenshot showing an example of that area, and you just click on the permission numbers to edit them.

 

[Cultidev]

Hi,

I changed it and when I refreshed it reverted back to 644.

 

[cPRex]

I'm not certain why that would be the case. You may need to reach out to your hosting provider or datacenter to have them check the issue, since your cPanel account doesn't have the access necessary to examine the server settings.

 

[Cultidev]

Ok, will contact them and check.

Thanx

 

[cPRex]

Let me know what they have to say!

 

[Cultidev]

Ok, Will do.

Thank you for your assistance thus far!

 

[Cultidev]

Hi,

I contacted my host and they run the command and the file’s permission is 755 but it seems like it’s still breaking Wordfence’s firewall.

I think I’m going to send a screenshot of all the settings in WordPress Toolkit and ask Wordfence which ones coould break the WordFence firewall.

Regards

 

[cPRex]

Thanks - let me know what they say!