Yes, it reproduces quite easily.
1. Dashboard Completed – “Your wp-config.php and .htaccess files are not writeable.” line corresponds with Settings – “Remove File Writing Permissions” checkbox enabled.
2. WordPress File Permissions – “wp-config.php\.htaccess: Suggestion 444 Value 0644 – WARNING” lines correspond with the File System Information – “.htaccess\wp-config.php File is Writable: Yes\No”.
However, the way it works now (4.6.4), 1 and 2 do not necessarily have to be in sync … it does for .htaccess but it does not (always) for wp-config.php.
The reason for this (besides that you can always change permissions on files outside WordPress) is that enabling the “Remove File Writing Permissions” checkbox does nothing more than set a write_permissions flag.
However, refreshing the iTSec page (which happens automatically when settings are saved) has immediate effect, by using the write_permissions flag, for the permissions on the .htaccess file, while wp-config.php permissions stay untouched …
(You could argue this is a bug but read on … I would be interested in iThemes' thoughts on this though …)
chmod 444 on the wp-config.php will take place when you change another setting that needs to be effectuated by a change in the wp-config.php.
For instance, enable the “Disable File Editor” checkbox under the WordPress Tweaks section. Click on the “Save All Changes” button.
Now check the WordPress File Permissions on the iTSec Dashboard …
Notice we now also have 0444 permissions on the wp-config.php file and the status is OK!
At the bottom of the Dashboard in the “wp-config.php Rules” metabox the following lines are added:
//The entry below were created by iThemes Security to disable the file editor
define( 'DISALLOW_FILE_EDIT', true );
dwinden
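The state described in the post above can be checked on disk instead of through the dashboard. This is an added example, not part of the original post and not iThemes Security code. The function names, and the rule that any write bit counts as WARNING, are assumptions.

```shell
#!/bin/sh
# Added example: audit wp-config.php and .htaccess directly on disk.
# Function names and the OK/WARNING rule are assumptions of this example.

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# "OK" when no write bit is set for owner, group or other; else "WARNING".
# Only the last three octal digits are examined, so setuid/setgid/sticky
# bits do not cause a false WARNING.
mode_status() {
    perms=$(printf '%s' "$1" | tail -c 3)
    case "$perms" in
        *[2367]*) echo WARNING ;;
        *) echo OK ;;
    esac
}

# Report mode and status for both files, then whether wp-config.php
# contains an active define for DISALLOW_FILE_EDIT set to true.
audit_wp() {
    dir=$1
    for f in wp-config.php .htaccess; do
        if [ -f "$dir/$f" ]; then
            m=$(file_mode "$dir/$f")
            echo "$f $m $(mode_status "$m")"
        else
            echo "$f - MISSING"
        fi
    done
    pattern="^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*true"
    if grep -Eiq "$pattern" "$dir/wp-config.php" 2>/dev/null; then
        echo "DISALLOW_FILE_EDIT set"
    else
        echo "DISALLOW_FILE_EDIT not-set"
    fi
}

# Usage: sh audit.sh /path/to/wordpress
if [ -n "${1:-}" ]; then
    audit_wp "$1"
fi
```

Running it once after saving only the “Remove File Writing Permissions” setting, and again after saving a setting that rewrites wp-config.php, shows whether the two files were changed at the same time.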