• Hi, great feedback from this plugin’s scan. A few questions:
    1. WP says default permissions for htaccess and wp-config are 644 default and 604/600 “secured”. I’m using W3 Total Cache that updates htaccess and added my own bot blocking statements, wp hardening, etc. What’s the recommended permissions that won’t cause issues with plugins or other reasons?

    2. Is there a Gauntlet cache? I added your log file block and disabled directory indexing in my htaccess (copied your code and pasted it) and it still shows there are issues with subsequent scans for those items?

    https://www.ads-software.com/plugins/gauntlet-security/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Cornelius Bergen

    (@cbergen)

    Hi atdblog,

    Thanks for posting…

    1. It’s very difficult to recommend a perfect permission setting. Start at the lowest recommended setting and if the plugin is not able to edit the file(s), then increase it. If one plugin can edit the file, all of them can so you should be able to find something that will work for any plugin. Just be aware that testing permissions could temporarily break your site if they’re set too low. Sorry, I can’t be too specific here.

    2. The plugin has no cache. For the directory indexing, did you put that code in the web root htaccess file? Perhaps there is an Options +Indexes somewhere further down in that file or in another htaccess file in a parent directory of the plugin. You can test that you’ve actually disabled directory indexing by pointing your browser to a publicly accessible directory that does not have an index file in it – perhaps a directory in your theme folder. If you see a list of files, Apache is still serving indexes; if you get a “forbidden” error, you’ve got indexing turned off. If you have disabled directory indexing and Gauntlet Security is still giving you a warning for that test, please let me know what type of warning it is.

    Which issues do you still see regarding the log file block?

    Thread Starter atdblog

    (@atdblog)

    Mine is set at the default WP permissions. I think every article I’ve seen on permissions says “start with the lowest then increase it”. Unfortunately, without examples of permission settings I can’t move forward on that.

    I did not find a directory that displays the listing but the scan message still says “Directory indexing is turned on.” I used Agent Ransack to search my site source code for “+Indexes” but no results.

    Plugin Author Cornelius Bergen

    (@cbergen)

    The plugin can only provide general advice and recommendations for the permissions settings. There are plenty of example permission modes on the codex page here: https://codex.www.ads-software.com/Changing_File_Permissions. And your web host might have a guide on file permissions that applies specifically to your server.

    The directory index check looks at the /wp-content/plugins/gauntlet-security/admin/includes/classes directory. If it gets an error message (403+ server status code), it assumes you’ve properly turned off indexing. If it gets anything else, it assumes that directory indexing is enabled. You can test this directory yourself by visiting it in your browser: https://yoursite.com/wp-content/plugins/gauntlet-security/admin/includes/classes. If you get anything other than the built-in Apache “Forbidden” message, another plugin might be inserting an index file into the directory or triggering redirects from an htaccess file. Some security plugins do this as an alternative to the Options -Indexes method, but if the status code isn’t 403, then that’s not ideal.
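To see exactly why the scan keeps warning, here is an added example (not the plugin's own code) that reproduces the check described above: it requests the same classes directory without following redirects and applies the "403 or higher means indexing is off" rule, reporting whether a listing, an injected index file, or a redirect is what the plugin is actually seeing. The site URL is a placeholder you replace with your own.

```python
"""Reproduce Gauntlet Security's directory-indexing check (added example)."""
import sys
import urllib.error
import urllib.request

# Same path the plugin checks, as stated in the thread; the site itself is a placeholder.
CHECK_PATH = "/wp-content/plugins/gauntlet-security/admin/includes/classes/"


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse to follow 3xx so we observe the raw status the plugin observes."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urllib then raises HTTPError carrying the 3xx code


def classify(status, body=""):
    """Apply the plugin's rule to a (status, body) pair.

    Returns (indexing_disabled, reason). Only a 403-or-higher status counts as
    disabled; everything else is explained so the cause of the warning is visible.
    """
    if status >= 403:
        return True, f"HTTP {status}: server refuses the directory (what the plugin expects)"
    if 300 <= status < 400:
        return False, f"HTTP {status}: redirect, likely from another plugin's htaccess rule"
    if status == 200 and "Index of" in body:
        return False, "HTTP 200 with an Apache listing: Options -Indexes is not in effect here"
    if status == 200:
        return False, "HTTP 200 without a listing: an index file is being served instead of a 403"
    return False, f"HTTP {status}: not 403+, so the plugin treats indexing as enabled"


def check_site(base_url, timeout=10):
    """Fetch the check directory and classify the response."""
    opener = urllib.request.build_opener(NoRedirect)
    url = base_url.rstrip("/") + CHECK_PATH
    try:
        with opener.open(url, timeout=timeout) as resp:
            return classify(resp.status, resp.read(4096).decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        # Raised for unfollowed 3xx and for 4xx/5xx; the status code is what we need.
        return classify(err.code, err.read(4096).decode("utf-8", "replace"))


if __name__ == "__main__":
    site = sys.argv[1] if len(sys.argv) > 1 else "https://yoursite.com"  # placeholder
    disabled, why = check_site(site)
    print(("PASS" if disabled else "FAIL") + ": " + why)
```

Run it as `python check_indexing.py https://yoursite.com`; a FAIL line names the response type that makes the plugin report indexing as enabled.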

  • The topic ‘Results questions’ is closed to new replies.