Steven Ayers

@df03472,

When you click on the link, it will take you to the Plugin Settings page, which used to be called “General Settings.” The notice will be displayed on all pages, including the page it links you to. You should see that the SS Plugin icon is highlighted orange in the main icon menu at the top of the page. If that is highlighted, then you are on the correct page. Scroll down until you see the main title “Plugin Settings.” Directly under that, you will see “Settings” and then “All security policies.” Change the setting for “All security policies” to “Enabled” and scroll to the bottom of the page and SAVE.

When it saves, you will notice that there is a green notification at the top that says “Your settings have been saved.” You will also notice that you are still seeing the orange notification that says “Security Safe: All security policies are disabled….” This is a known bug. You are seeing that error because the plugin loaded the notification before your settings were saved. If your policies have been saved as Enabled, then go to another page by clicking on one of the icons in the icon menu at the top of the page and the notification will go away.

Next release:
– Rename that notification to say “Plugin Settings” instead of “General Settings”.
– Make the link in the notification go directly to the setting on the Plugin Setting page.
– Fix the notification load issue so that it does not display after saving the settings to “Enabled.”

Let me know if the instruction above fixed your problem.

Thanks,

-Steven

te?ekkür ederim

@frosinone,

Could you please provide additional details as to how the Security Safe plugin is “conflicting” with other security plugins? Also, could you provide the names of the plugins that it is conflicting with?

We would like to correct any discovered bugs to further improve the plugin for all current users.

NOTE: It is not recommended to have multiple security plugins installed on a site as they will be attempting to perform a lot similar tasks. Multiple security plugins causes more confusion than anything when managing the site. Regardless of that recommendation, features should not be conflicting with another plugin’s features if they are not enabled in the settings of the plugin.

Thank you,

Support Team

The plugin uses jQuery to accomplish that. You’ll find the script in the /js/pdrc.js file. You will either have to copy and past that code into your own Javascript file or place it directly in your theme wrapped by the <script></script> tags. If the script does not work, then it may be due to the dependency of jQuery not being loaded before the script executes.

If you include the script directly into your theme, then you will be unable to toggle it on/off conveniently within the admin UI, which is the whole purpose of the Security Safe plugin (convenience).

Which security plugins does Security Safe conflict with and in what way? It would be helpful to have that information so that those conflicts can be fixed quickly. Thank you.

Alex,

Keep in mind, you cannot “hide” these directories as they need to be accessible publicly, so you can only move them to a different location to make it less obvious.

I forgot to address the WordPress core portion of your question. My previous comment addresses these directories:

/wp-content/plugins
/wp-content/themes
/wp-content/mu-plugins
/wp-content/uploads

The rest of core cannot be easily changed without making future updates more difficult. In addition, changing any of these location does not “secure” your website. It obscures it. Obscurity is an additional layer of security. Security is an onion. There are many layers to it. I wouldn’t worry about the rest of the WordPress core directory structure.

-Steven

• This reply was modified 6 years, 10 months ago by Steven Ayers.

Alex,

The best way to accomplish this would be to rename the wp-content directory, which would result in all of these folders changing locations. This plugin does not provide that capability, but WordPress does allow you to natively do this using constant variables to point to the new locations. See https://codex.www.ads-software.com/Editing_wp-config.php#Moving_wp-content_folder

For Security Safe, that particular feature would be difficult to implement as it would introduce more problems that are outside the scope of security such as:

– The site will break immediately (old references to old directories that no longer exists)
– Internal Broken Links (404 errors)
– External Broken Links (404 errors)
– Old shared website content no longer shows images on your Facebook page (broken external links)
– Some plugin incompatibilities (rare and nothing you can do about it)

To address internal broken link issues, a search and replace plugin or database tool would be needed to replace the old directory names with the new location names. Be sure to backup your website before doing this type of work.

To address external broken link issues, you would need to implement 301 redirects in .htaccess (Apache Server), the NGINX conf files (NGINX Server), or use a 301 redirect plugin.

Also, if you implement a 301 redirect for the wp-content folder to the new location so that all of your old images work on social media accounts, that defeats the point of changing locations of your directories for security through obscurity. To get the best of both worlds, you could just redirect specific files versus the entire folder.

Often other minor problems will emerge after a week or so post the wp-content folder relocation. It is hard to know what all it affects as each site is often unique with only the above common denominators. I would highly recommend that you only change these folder locations if the site is fairly new and/or you are prepared to address problems quickly. You may want to run a test version of the site before rolling changes like this to the live site.

As you can see, this type of task probably shouldn’t be accomplished by a plugin.

– Steven

We are glad Security Safe was helpful in identifying some vulnerabilities on your site. The next Security Safe release (1.1.0) does have the ability to identify and fix file permissions. We are in the process of testing this new feature thoroughly before releasing it to the public. Also, this plugin is new and under continued development. As a result, more security features will be released each month over the next year. Be sure to review the plugin features and changelog each time you update the plugin. Thank you for using Security Safe to help protect your website.