Feature request: Please add permissions check

  • We recently had a client site infected via the revolution slider vulnerability. The slider was part of the theme and there was no automatic update for the plugin when installed this way, although a manual update method is available, yet somewhat obscured.

    Sucuri’s free scan did not find it. We only found it because updates would not install which turned out to be permissions were changed to 555 on all files and folders under the wp-content/plugins as well as the theme folder.

    The AIOWSF file change detect helped tremendously in tracking it down.

    I’ve since put a shell script cron job in place to detect permission weirdness site wide.

    Request: It would be of great help if AIOWFS had a permission check feature that operates much like the file change detect. Not just detection of certain files, but checking for odd things like 555 or 111, throughout the site or at least the PHP files.

    Thank you for any consideration on this.

    https://www.ads-software.com/plugins/all-in-one-wp-security-and-firewall/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter itonstandby

    (@itonstandby)

    If anyone is interested, the commands we use in the shell script to check permissions are below. (loginname should be the cPanel login name)

    find /home/loginname/public_html -type f -perm 555
    and
    find /home/loginname/public_html -type d -perm 555

    We also check within all php files for the presence of “0555” which should probably never be in a WordPress php script.

    find /home/loginname/public_html -name *.php -exec grep "0555" '{}' \;

    Note the above commands do not fix the issues, but merely detect. Since they are in a cron job the output of the commands is delivered by email.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Thank you itonstandby, one of the plugin developers will check your solution further.

    Regards

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Feature request: Please add permissions check’ is closed to new replies.