File Permissions, PHP Security and Default File Security – All In One WP Security & Firewall

Posted on: Sep 26, 2014 | Category: Plugins, Users & Security

In this section of the guide to the All In One WP Security & Firewall plugin, we will take a look at Filesystem Security, where you can manage File Permissions, PHP File Editing, Default WP File Access, and System Logs.

Step 1) Log in to the WordPress Dashboard.

Step 2) On the left-hand sidebar of the Dashboard navigate to WP Security -> Filesystem Security.


Your WordPress file and folder permission settings govern the accessibility and read/write privileges of the files and folders that make up your WP installation.

The options on how to secure your WordPress files and folders are shown below.

  • File Permissions

    Your WP installation already comes with reasonably secure file permission settings for the filesystem. However, people or other plugins sometimes modify the permission settings of certain core WP folders or files, making the site less secure.

    Once this tab is clicked, a scan is conducted of all the critical WP core folders and files and the scan results will highlight any permission settings which are insecure.

    A. Security Points Buttons: The Basic button displays the Feature Difficulty.

    The 0/20 button displays the Security Points assigned to this. Since there are no files or folders with permission issues, the security points are set to 20/20.

    B. List of Files Scanned: The table shown below displays the scan results. For this example, all our files and folders are secure!


  • PHP File Editing

    The WordPress Dashboard by default allows Administrators to edit PHP files, such as plugin and theme files. This is often the first tool an attacker will use if able to log in, since it allows code execution. This feature disables the ability for people to edit PHP files via the dashboard.

    A. Security Points Buttons: The Basic button displays the Feature Difficulty.

    The 0/10 button displays the Security Points assigned to this. Since no selections have been made, the security points are set to 0/10.

    B. Disable Ability To Edit PHP Files: Place a check mark in this check box if you want to remove the ability for people to edit PHP files via the WP dashboard.


    Once the settings have been selected and the Save Settings button is clicked, the security points should now be 10/10.


  • WP File Access

    This option allows you to prevent access to files such as readme.html, license.txt and wp-config-sample.php which are delivered with all WP installations.

    By preventing access to these files you are hiding some key pieces of information (such as WordPress version info) from potential hackers.

    A. Security Points Buttons: The Basic button displays the Feature Difficulty.

    The 0/10 button displays the Security Points assigned to this. Since no selections have been made, the security points are set to 0/10.

    B. Prevent Access to WP Default Install Files: Place a check mark in this check box if you want to prevent access to readme.html, license.txt and wp-config-sample.php.


    Once the settings have been selected and the Save Settings button is clicked, the security points should now be 10/10.


  • Host System Logs

    Sometimes your hosting platform will produce error or warning logs in a file called error_log. Depending on the nature and cause of the error or warning, your hosting server can create multiple instances of this file in numerous directory locations of your WordPress installation. By viewing the contents of these log files, you can keep informed of any underlying problems on your system which you might need to address.

    Click the View Latest System Logs button to display the contents.

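The same four areas can be checked from the server's shell, independently of the dashboard. The script below is an added example, not code from the plugin or from the original guide. It assumes a policy of "nothing group- or world-writable" (the plugin's own permission table is not reproduced here), treats WordPress core's DISALLOW_FILE_EDIT constant in wp-config.php as the sign that dashboard PHP editing is off, and uses a hypothetical function name, audit_wp_install.

```python
import os
import re
import stat

# File names taken from the "WP File Access" section above.
DEFAULT_FILES = ("readme.html", "license.txt", "wp-config-sample.php")
# Assumed policy for this example (not the plugin's own table):
# nothing under the install should be group- or world-writable.
LOOSE_BITS = stat.S_IWGRP | stat.S_IWOTH
# WordPress core constant that turns off the dashboard theme/plugin editor.
EDIT_OFF = re.compile(
    r"define\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*true\s*\)", re.I)


def audit_wp_install(root):
    """Return findings for the four areas covered in this guide."""
    report = {"loose_perms": [], "default_files": [],
              "error_logs": [], "file_edit_disabled": False}

    for dirpath, dirnames, filenames in os.walk(root):
        for name in sorted(dirnames + filenames):
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # a symlink's own mode bits are not meaningful
            rel = os.path.relpath(path, root)
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & LOOSE_BITS:
                report["loose_perms"].append((rel, oct(mode)))
            if name == "error_log" and os.path.isfile(path):
                report["error_logs"].append(rel)

    # Default install files still present in the web root.
    report["default_files"] = [f for f in DEFAULT_FILES
                               if os.path.isfile(os.path.join(root, f))]

    config = os.path.join(root, "wp-config.php")
    if os.path.isfile(config):
        with open(config, encoding="utf-8", errors="replace") as fh:
            # Drop commented-out lines so a disabled define() is not counted.
            live = [ln for ln in fh
                    if not ln.lstrip().startswith(("//", "#", "*", "/*"))]
        report["file_edit_disabled"] = bool(EDIT_OFF.search("".join(live)))
    return report


if __name__ == "__main__":
    import pprint
    import sys
    pprint.pprint(audit_wp_install(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Run it with the path to the WordPress root as its only argument. An empty loose_perms list and file_edit_disabled set to True correspond to the 20/20 and 10/10 states described above, under the stated assumptions.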

The next step in the guide will focus on the WHOIS Lookup feature.

 

