Error in Load security engine standard mode

  • Resolved skylabb

    (@skylabb)


    3 years, 5 months ago

    Hi, when I setup security engine to Standard mode, I get this error message:

    “ERROR: Destination folder access denied /code/wp-content/mu-plugins”

    My site is hosted with Pantheon. I believe they have strict security rules disallowing directory write access on live site server. Write access in only allowed in provided dev site server.

    Thank you.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author gioni

    (@gioni)

    Hi! You can check folder permissions on the Diagnostic tab, which is located under the Tools admin menu.

    Thread Starter skylabb

    (@skylabb)

    Thanks for the quick response, Gregory.

    Diagnostic tool shows that this directory /code/wp-content/mu-plugins is Write protected. So setting this directory writable is only way to make this work? This opens up a vulnerability, does it?

    Plugin Author gioni

    (@gioni)

    No, intrinsically, it does not. However, it can be “a vulnerability” if you have a breach in a plugin or a theme. For instance, a plugin can download any files from unauthorized and unsafe sources, and such a feature is available for anyone. In this context, the mu-plugins folder is a good place to hide malware. Well, any folder can technically contain a piece of malware. We cannot make all WordPress folders write-protected unless we need a read-only website. This is how WordPress works. The convenience of the WordPress 5-minute install comes at a price. If it’s easy and convenient for you, it’s also easy and convenient for cybercriminals.

    Anyway, the solution is to make the folder writeable, activate the Standard mode, and make it write-protected again.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Error in Load security engine standard mode’ is closed to new replies.