• Resolved Roy

    (@gangleri)


    Just fooling around with this plugin in my test site. I installed the latest version, activated the plugin, ran the check, all worked fine. Then my eye fell on the suggestion to change the wp_ suffix for tables, so I gave it ago and changed them to tst_. The report said that all changes were successfull except two wpau_ plugin tables which I had to change manually. So when I decided to see if the site was still up, I got the screen that I had to install WP and then I got a password. Very funny! So now the site is a completely fresh and new WP installation without theme, posts or anything.

    That wouldn’t have been funny if it was a live site!

    https://www.ads-software.com/extend/plugins/wp-security-scan/

Viewing 5 replies - 16 through 20 (of 20 total)
  • Thread Starter Roy

    (@gangleri)

    I can see the htaccess in my control panel’s “file manager”. Files are listed alphabetically most of the time, but the htaccess just was somewhere at the bottom for no particular reason. But since there are htaccess’s in several folder, it would be nice if your plugin would give a little more of the path than just ../../.htaccess (something like ../wp-admin/.htaccess or whereever it is).

    Regarding the wp-config, this is a funny thing. My control panel doesn’t use the numbers so I hope I give them correctly here, but all my config files were at 644 (yesterday I worked on five installations), I changed them to 666 to use your plugin (double checked after the initial mess of course) and when I use your plugin to change the prefixes, the chmod mysteriously went back to 644. This is of course a nice security feature and I wondered if your plugin does that or that my host has something of standard chmods for certain files (or whatever way of doing this).

    And well, the fuss with the database users and passwords was mostly that after an hour I found out that my passwords had to start with a letter and nothing else and I used your password creator to make them, so most of them simply weren’t accepted (and I didn’t get a message of that).

    Trial and error ??

    Michael Torbert

    (@hallsofmontezuma)

    WordPress Virtuoso

    It’s listed at the bottom because it’s .htaccess, as opposed to htaccess.extension or filename.htaccess.

    The path origin for all of the files are the same, from the root of WordPress. That goes for .htaccess as well. Having said that, you should chmod them all to the appropriate permissions.

    It’s impossible for WP Security Scan to chmod your files or directories. A current version will have functionality to do it for you, but the current version does not.

    MySQL is finicky about choosing your password. Some people find that out the hard way:) Now that you bring that up, I should probably include a notice in the plugin not to use the password generator for MySQL passwords. It’s great for Unix (FTP) passwords, WordPress passwords, or most anything else though.

    @ Gangleri

    I changed them to 666 to use your plugin (double checked after the initial mess of course) and when I use your plugin to change the prefixes, the chmod mysteriously went back to 644.

    Ive had this problem before for another reason and found if the perms returned back to to what they were when you think youve changed them – then it could be the Group / owner of the file/folder not being assigned to the correct setting . The only way to check is by using something like filezilla and to correct it depends on your access to the files . Like me if youve got root access you can change them using something like WinSCP or simply ask the techies at your hosting company to correct them.

    Hope that helped
    Graham

    Sometimes I get nutty reading “techy stuff” as some ( but not all ) people seem to get so archane. Sorry, just frustrated. You find a problem, so how do you fix it? Does anyone know how to solve these two issue?

    “Before running this script:

    (1) * wp-config must be set to writable before running this script.
    (seems easy enough, but the next one is unclear)

    (2) * the database user you’re using with WordPress must have ALTER rights” (HOW does one change ALTER right?)

    Thanks a mill.

    bryanxcole

    (@bryanxcole)

    I attempted to change my wp_ as well, and now the whole thing is down. I made all the changes and followed all the steps correctly and now my blog reads:

    Fatal error: Call to undefined function wp() in /home/content/b/r/y/bryanxcole/html/wp-blog-header.php on line 14

    I don’t understand what happened.

Viewing 5 replies - 16 through 20 (of 20 total)
  • The topic ‘[Plugin: WP Security Scan] “Welcome to WP, please install your blog”’ is closed to new replies.