tbob21

I did see that, as mentioned in that very post setting to more restricted permissions is more secure.

Required? Maybe not, but the WP documentation does say it’s a “hazard” to leave it at 644.

I was more concerned with the plugin overriding the permissions I had set previously which should not be happening, sounds like the plugin needed more testing before this major release.

• This reply was modified 3 years, 7 months ago by tbob21.

I disagree on the wp-config.php permissions.

See the following documentation:

Changing File Permissions

NOTE: If you installed WordPress yourself, you likely DO need to modify file permissions. Some files and directories should be “hardened” with stricter permissions, specifically, the wp-config.php file. This file is initially created with 644 permissions, and it’s a hazard to leave it like that. See Security and Hardening.

OK, maybe it was then. I never had this issue previously, and it did seem to keep the previous permissions if it was overwriting the files.

Either way, I’m no longer using that function as there seems to be too much risk of it breaking something.

If banned IP’s are set to write to the database that option shouldn’t affect anything. The files were never getting overwritten hourly before version 8.

It was also saving them with 644 permissions. I had to go through and manually update the permissions on 50+ sites.

I see it now. That is a very strange place to put it.

I can see why there are so many reviews thinking features a lot of missing features because of the confusing UX. For example, under features the submenu items are the same as the TABS, while some of the other areas are completely separate pages, this should be consistent.

I think just moving Features, Tools, and Advanced to the Configure menu all together would likely reduce confusion.

This would make a lot more sense to me:

Configure
– Features (submenu not needed as there are already tabs)
– Global Settings
– Lockouts
– Tools
– Advanced

User Groups and Notifications seem fine.

I’d adjust my review but it doesn’t seem like I’m able to.

• This reply was modified 3 years, 7 months ago by tbob21.
• This reply was modified 3 years, 7 months ago by tbob21.

Had .htaccess not finish saving because of this and broke a site. Had to restore the .htaccess from a backup.

Disabling Settings > Configure > Global Settings seems to have stopped it from being re-saveing every hour.

It should only be updating these files on config save!

2.2.13 seems to have solved the issue for us. Thanks for the quick update!

Same issue. Reverted to an older version and all is well.

One of my sites got hacked through this plugin a few days ago. I’ve since restored a backup and uninstalled the plugin.

Shouldn’t the changelog show something like “Patched Arbitrary File Upload Vulnerability” to inform users running older versions that it is a high priority security patch?