• “Scans your WordPress installation for security vulnerabilities and suggests corrective actions.”

    Was that meant to be an April Fool’s joke? Being concerned about security, I downloaded this plugin, ran it, set my permissions to the “suggested corrective actions” and when trying to access my site, all I got were errors. I had to reset my permissions as best as I could and got it to work again.

    Either this is a bad joke or awfully written code by someone who doesn’t have a clue as to what WP permissions should be.

    Gene

    https://www.ads-software.com/extend/plugins/wp-security-scan/

Viewing 15 replies - 31 through 45 (of 49 total)
  • I’d suggest clarifying the version/error hiding in the plugin docs and descriptions. Right now, they seem to suggest that activating it as-needed is sufficient.

    directories == 755
    files == 644

    Yes. No. Maybe.

    There’s no single correct answer. It depends on what your hoster is doing on his webserver. Apache under a separate account with no shared groups, Apache under a separate account with a shared group (‘webusers’ or something like that) or some form of SUID/SGID hosting. Having a single solution to a question with at least possible correct answers is way too broad from a security-viewpoint.

    Thread Starter raygene

    (@raygene)

    directories == 755
    files == 644

    It’s supposed to be the standard for WP installations but then again some plugins require 777 for certain folders. 755 is a safe bet for most but do read your plugin’s instructions.

    Great work in progress Michael.

    Cheers,
    Gene
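
The 755/644 question above has no single answer, as the earlier reply points out, so the useful tool here is one that reports rather than prescribes. The following Python script is an added example for this thread, not part of WP Security Scan: it walks a directory tree, lists entries whose mode differs from the 644 (files) / 755 (directories) baseline quoted above, and separately flags anything world-writable, which covers the 777 folders some plugins ask for as well as a loose wp-config.php. The tree it audits is constructed inline; it changes no permissions.

```python
"""Audit a WordPress tree for permissions that deviate from the common
644 (files) / 755 (directories) baseline and flag anything world-writable.

Added example for this forum thread, not part of WP Security Scan. The
right modes depend on how the host runs PHP, so this only reports and
changes nothing. The sample tree it builds is constructed here.
"""
import os
import stat
import tempfile

BASELINE = {"dir": 0o755, "file": 0o644}


def audit_tree(root):
    """Walk root and return two sorted lists of (relative path, mode string):
    'deviations' (mode differs from the baseline) and 'world_writable'."""
    deviations = []
    world_writable = []
    for dirpath, dirnames, filenames in os.walk(root):
        entries = [(d, "dir") for d in dirnames] + [(f, "file") for f in filenames]
        for name, kind in entries:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits are not meaningful on most systems
            mode = stat.S_IMODE(st.st_mode)
            rel = os.path.relpath(full, root)
            if mode != BASELINE[kind]:
                deviations.append((rel, oct(mode)))
            if mode & stat.S_IWOTH:
                world_writable.append((rel, oct(mode)))
    deviations.sort()
    world_writable.sort()
    return {"deviations": deviations, "world_writable": world_writable}


def build_sample_tree():
    """Constructed sample: a tiny fake WordPress layout with one 777 uploads
    directory (the kind some plugins ask for) and a world-writable config."""
    root = tempfile.mkdtemp(prefix="wp-audit-")
    dirs = {
        "wp-content": 0o755,
        "wp-content/uploads": 0o777,   # a plugin asked for 777
        "wp-content/plugins": 0o755,
    }
    files = {
        "index.php": 0o644,
        "wp-config.php": 0o666,        # world-writable config: never acceptable
        "wp-content/plugins/readme.txt": 0o644,
    }
    for d in dirs:
        os.makedirs(os.path.join(root, d), exist_ok=True)
    for f, mode in files.items():
        path = os.path.join(root, f)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)           # explicit chmod so umask does not interfere
    for d, mode in dirs.items():
        os.chmod(os.path.join(root, d), mode)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    report = audit_tree(root)
    for rel, mode in report["deviations"]:
        print("deviates from 644/755 baseline:", rel, mode)
    for rel, mode in report["world_writable"]:
        print("WORLD-WRITABLE:", rel, mode)
```

Run it against a real install by passing the document root to audit_tree instead of the sample tree; treat the world-writable list as the part worth acting on, and read the deviations list against whatever your host actually does with PHP's user and groups.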

    Well it killed my entire blog!
    It had me change my prefix from wp-blog to something else then it logged me out and logged me in with a brand new password and now there is nothing there. No posts and no nothing…
    Permissions aren’t my problem…
    I’m assuming that it renamed it in my mysql database on the host because the two letter change is the same as it was in the files.. I’m going to start digging but this thing is really dangerous!!
    DON’T USE IT!!!

    Well I mean DEAD… There is no activating anything. After it told me that I was able to be hacked if I left my installation with wp-??? I did as it said and put in jp… Then I had a real secure blank blog with no plugins and no themes… I’m assuming if I go on my server and rename all my wp-??? files to jp-??? and it may work again..
    Here is where my blog used to be. https://www.vistaphotos.net/vista
    Thanks
    So far I’m just getting errors..

    Michael Torbert

    (@hallsofmontezuma)

    WordPress Virtuoso

    Folgerj,

    Before you start spouting off to people that this plugin broke your blog and “don’t use it,” make sure you’re doing things correctly.

    Just by looking at the error message on your site, I see that you renamed “wp-settings” to “jp-settings.php”.

    I’m not sure why you did this, but it’s entirely wrong and nowhere in the plugin or its documentation can I find where it tells you to do that.

    Well all my files on my server database for the blog were renamed to jp-XXX
    So I tried to get back in touch with all my files in the database by trying this… Since I can’t rename my database files on the server… Now I wish I knew mysql so I knew how to rename the database file names.
    Anyway I’m in the process of reloading all the files in my directory from a previous backup to the original names.
    The plugin said this change wp on the database needed to be changed to something else to prevent a hacker from exploiting it.
    Well after the plugin renamed all the database files, I now have nothing to worry about since there is no blog to hack…
    J

    Michael Torbert

    (@hallsofmontezuma)

    WordPress Virtuoso

    You shouldn’t be renaming database files. Maybe you mean database tables? If you mean WordPress files which begin with “wp-” you shouldn’t be renaming those either.

    Well the plugin renamed the tables from wp-xxx to jp-xxx then I received an email about my new installation of WordPress and using the password provided I logged in to find nothing but a blank blog… with hello world in it.
    I never made a back up of my database.. (my bad) so I can’t reinstall that so unless I can somehow rename all the tables back to default I’ll be starting a years worth all over…
    Sorry if I sound upset but losing all that work is somehow disturbing..
    J

    Michael Torbert

    (@hallsofmontezuma)

    WordPress Virtuoso

    Don’t take it out on the plugin just because you messed up. There is nothing in the plugin that would cause WordPress to believe it’s a new installation. You obviously had no clue what you were doing, messed things up, didn’t back up, and now are spamming the WordPress forums with incorrect accusations about the plugin destroying your blog.

    Did you read the documentation and/or email the author of the plugin? I doubt it.

    I help people out for free every day on these forums with WordPress issues, but I have absolutely no tolerance for such behavior.
    You should always back up before doing anything, you should never do anything that you have no clue how to do, you should read documentation and follow instructions.

    I was obviously in error in several areas but the fact that I only made a change the plugin said to change the prefix which it said it would do once I typed it in. So I typed it in and let it do its work then it logged me out (or something did) and I’m at the admin login window with admin filled in and a password so I logged in to find nothing.
    You’re right it’s my fault.. I’d become lax since 90% of all my plugins work great. but I’ve learned my lesson and now I have to figure out how to change all those tables back to the default.
    You’ve been too kind, really. The next time I’m looking for assistance I’ll just shoot myself in the foot instead. Much less painless…

    Michael Torbert

    (@hallsofmontezuma)

    WordPress Virtuoso

    I was obviously in error in several areas but the fact that I only made a change the plugin said to change the prefix which it said it would do once I typed it in. So I typed it in and let it do its work then it logged me out (or something did) and I’m at the admin login window with admin filled in and a password so I logged in to find nothing.

    If that were the case, then you should have emailed the plugin author that there’s a potential bug. But the fact is, that isn’t all you did.
    You changed file names. Obviously, WordPress isn’t going to work if you start changing file names.

    You’re right it’s my fault.. I’d become lax since 90% of all my plugins work great.

    Of 17,000 downloads, only a small handful of people have had issues with the plugin. Most of the problems were immediately after the initial public release of the plugin, while it was in beta, all of which have long since been fixed with no further complaints. There is currently only one known possible bug, which doesn’t cause anything harmful to happen to the WordPress installation and affects very few users.
    The fact is, you didn’t follow the instructions, you had no idea what you were doing, and you changed file names. This doesn’t mean that the plugin doesn’t work.

    Well we’ll see, I just figured out how to change my table names back so when my back up is complete on the server, I will hopefully be able to make some headway again… but I doubt it will be that simple… I’ve learned wp just like everyone else… one mistake at a time… just hoping we don’t make any tactical errors that kill our blogs…
    If I get it back then deleting this plugin will be at the top of my order of battle.

    Michael Torbert

    (@hallsofmontezuma)

    WordPress Virtuoso

    In the future, before running a plugin and making crazy changes that aren’t called for anywhere in the plugin or in its documentation… I’d highly recommend reading the instructions and/or emailing the plugin author for assistance. Most plugin authors are happy to provide support (although they generally appreciate if you read their documentation first).
    Just for future reference, never change file names of core WordPress files. I’m still not sure why you decided to do that.

    I hate to continue beating this house further but I only executed what it said no more no less. It said to type in a new prefix and I did.. it said hit the button titled “rename” and I did.. from there it all went downhill.
    I’ve renamed all the tables and I’m slowly rebuilding my blog. I’ll try not to make any more errors that cause me to wander this way…
    Thanks for the help… you really motivated me to excel and figure it out for myself.

    As for renaming the directory files? I was at a loss for what it had just done to me. And at the time it seemed like a good idea.

    I see in the docs that the owner?? (You perchance? or are there more Marines running around) it says For some people the database table name prefix changing functionality of WP Security Scan doesn’t work. In that case you may use the following instructions to change it manually.

    In my case it worked too well because when I hit rename it did a terrific job…
    I have to get up at O dark thirty so I’ll sign off.
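
The manual prefix change that the plugin documentation quoted above falls back to has three parts that must all agree: the table names, `$table_prefix` in wp-config.php, and the rows in the options and usermeta tables whose *names* embed the prefix. A site where only some of them changed looks exactly like the symptoms in this thread: WordPress finds no tables under the configured prefix and runs the installer (the "new installation" mail), or the admin logs in and has no capabilities. The Python below is an added example for this thread, not code from WP Security Scan. It assumes MySQL and the core table list of a single-site install; the wp_ and jp_ prefixes and the sample option and meta rows are constructed here.

```python
"""SQL generator and consistency check for a manual WordPress table-prefix change.

Added example for this forum thread; it is not code from WP Security Scan. It
assumes MySQL and the core table list of a single-site WordPress install. The
sample prefixes (wp_ -> jp_) and the option/meta rows are constructed here.
"""
import re

# Core single-site tables; multisite and plugin tables would extend this list.
CORE_TABLES = ["commentmeta", "comments", "links", "options", "postmeta", "posts",
               "terms", "term_relationships", "term_taxonomy", "usermeta", "users"]

PREFIX_RE = re.compile(r"^[A-Za-z0-9_]+_$")


def rename_statements(old, new, tables):
    """Return the SQL a prefix change needs. Renaming the tables is only the first
    step: role definitions live in option '<prefix>user_roles' and every user's
    capabilities in meta_key '<prefix>capabilities', so those row names must be
    rewritten too, or the admin logs in with no capabilities at all."""
    if not (PREFIX_RE.match(old) and PREFIX_RE.match(new)):
        raise ValueError("prefixes must be [A-Za-z0-9_]+ and end with '_'")
    renames = ", ".join(f"`{old}{t}` TO `{new}{t}`" for t in tables)
    # '_' is a single-character wildcard in LIKE, so escape it in the pattern.
    like_old = old.replace("_", r"\_")
    return [
        f"RENAME TABLE {renames};",
        f"UPDATE `{new}options` SET option_name = '{new}user_roles' "
        f"WHERE option_name = '{old}user_roles';",
        f"UPDATE `{new}usermeta` SET meta_key = CONCAT('{new}', "
        f"SUBSTRING(meta_key, {len(old) + 1})) WHERE meta_key LIKE '{like_old}%';",
    ]


def check_consistency(config_prefix, existing_tables, option_names, meta_keys):
    """Report the states a half-finished prefix change leaves behind.
    config_prefix is $table_prefix from wp-config.php; the other arguments
    describe what is actually in the database."""
    problems = []
    missing = sorted({config_prefix + t for t in CORE_TABLES} - set(existing_tables))
    if missing:
        problems.append(
            f"tables missing under prefix '{config_prefix}': {', '.join(missing)} "
            "(WordPress finds no options table and runs the installer)")
    if config_prefix + "user_roles" not in option_names:
        problems.append(f"option '{config_prefix}user_roles' missing: no roles defined")
    if config_prefix + "capabilities" not in meta_keys:
        problems.append(
            f"no meta_key '{config_prefix}capabilities': every user loses capabilities")
    return problems


if __name__ == "__main__":
    for s in rename_statements("wp_", "jp_", CORE_TABLES):
        print(s)
    jp_tables = ["jp_" + t for t in CORE_TABLES]
    # Constructed state: tables renamed, but wp-config.php still says wp_.
    for p in check_consistency("wp_", jp_tables, {"jp_user_roles"}, {"jp_capabilities"}):
        print("PROBLEM:", p)
    # Constructed state: tables, config and row names all renamed consistently.
    print(check_consistency("jp_", jp_tables, {"jp_user_roles"}, {"jp_capabilities"}))
```

Take a database dump before running any of the generated statements; the thread's own lesson is that the tables can be renamed back by hand, but only if you still know what they contained.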

  • The topic ‘[Plugin: WP Security Scan] CAUTION: SCREWED-UP MY BLOG!’ is closed to new replies.