All In One WP Security And Firewall Filesystem Security helps you set up the file permissions for each folder and file on your website, and more.
Last Updated: September 12, 2022
Latest News: Updated the documentation.
Your WP installation already comes with reasonably secure file permission settings for the filesystem.
However, people or other plugins sometimes change the permission settings of certain core WP folders or files and choose the wrong permission values, which makes the site less secure.
This feature will scan the critical WP core folders and files and will highlight any permission settings which are insecure.
The AIOWPS plugin helps you keep your file and folder permission levels at the recommended minimum protection set out by WordPress.
Note: You can read more about this in the following link changing-file-permissions.
What you need:
All In One WP Security And Firewall Filesystem Security
Step 1 ) Go to WP Security -> Filesystem Security admin tab as illustrated in the image below.
Filesystem Security
Step 2 ) The Filesystem Security tab shown in the following image allows you to set up the following security settings.
Filesystem Security Settings
- File Permissions
- PHP File Editing
- WP File Access
- Host System Logs
File Permissions
Step 3 ) Go to WP Security -> Filesystem Security -> File Permissions to check that your file system permissions are set up correctly. The following image shows all file permissions correct, marked with a green colour.
This will add another 20 points score towards your security meter. (Basic Security Level)
Step 3-a ) The image below shows you the Current Permission and the Recommended Permission. Click on the Set Recommended Permissions button if your permissions are incorrect.
Step 3-b ) The following list shows you the file permissions this plugin recommends for your site. A permission shown in green means the minimum file permission recommended by AIOWPS has been applied.
Note: Some of you might want to add a higher level of restrictions to your files. This is entirely up to you.
AIOWPS Recommended File Permissions
- root directory = 0755
- wp-includes/ = 0755
- .htaccess = 0644
- wp-admin/index.php = 0644
- wp-admin/js/ = 0755
- wp-content/themes/ = 0755
- wp-content/plugins/ = 0755
- wp-admin/ = 0755
- wp-content/ = 0755
- wp-config.php = 0640
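The same check can be run from a shell on the server. The script below is an added example, not part of the plugin: it compares each path in the list above with its recommended mode and reports anything more permissive. The rule that stricter modes pass, the script name and the install path are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit a WordPress tree against the recommended modes listed above.
# Usage: sh audit_wp_perms.sh /path/to/wordpress   (script name and path are placeholders)

# Relative path and recommended mode, copied from the AIOWPS list.
RECOMMENDED='. 0755
wp-includes 0755
.htaccess 0644
wp-admin/index.php 0644
wp-admin/js 0755
wp-content/themes 0755
wp-content/plugins 0755
wp-admin 0755
wp-content 0755
wp-config.php 0640'

# Print the octal mode of a path (GNU stat first, BSD/macOS stat as fallback).
get_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_wp_perms ROOT: print "STATUS path current=MODE recommended=MODE" per entry.
#   OK      no permission bit set beyond the recommended mode (stricter passes)
#   LOOSE   at least one extra bit set, e.g. group or world write
#   MISSING path does not exist under ROOT
# The comparison rule is this example's assumption, not the plugin's own logic.
audit_wp_perms() (
    root=$1
    printf '%s\n' "$RECOMMENDED" | while read -r rel rec; do
        path="$root/$rel"
        if [ ! -e "$path" ]; then
            printf 'MISSING %s current=- recommended=%s\n' "$rel" "$rec"
            continue
        fi
        cur=$(get_mode "$path")
        # The leading 0 makes the shell read both values as octal.
        extra=$(( 0$cur & ~$rec ))
        if [ "$extra" -eq 0 ]; then status=OK; else status=LOOSE; fi
        printf '%s %s current=%s recommended=%s\n' "$status" "$rel" "$cur" "$rec"
    done
)

if [ "$#" -gt 0 ]; then
    audit_wp_perms "$1"
fi
```
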
Step 3-c ) The following message is displayed if your website is hosted on a Windows server. In that case you do not have to adjust the folder and file permissions as illustrated above.
PHP File Editing
Step 4 ) Go to WP Security -> Filesystem Security -> PHP File Editing as illustrated in the image below to set up the following option.
PHP File Editing Option
- Disable PHP File Editing = You will often enable this option, especially if you have a members website and you don’t want anyone to edit PHP files.
The following entry is added into the wp-config.php file when you activate this feature.
//Disable File Edits
define('DISALLOW_FILE_EDIT', true);
- Click on the Save Setting button once you finish.
This will add another 10 points score towards your security meter. (Basic Security Level)
WP File Access
Step 5 ) Go to WP Security -> Filesystem Security -> WP File Access to set up the following option as illustrated in the image below.
WP File Access Options
- Prevent Access to WP Default Install Files. This option allows you to stop access to the default WP files on your website.
- Click on the Save Setting button once you finish.
This will add another 10 points score towards your security meter. (Basic Security Level)
Host System Logs
Step 6 ) Go to WP Security -> Filesystem Security -> Host System Logs as illustrated in the image below.
Sometimes your hosting platform will produce error or warning logs in a file called “error_log”. Depending on the nature and cause of the error or warning, your hosting server can create multiple instances of this file in numerous directory locations of your WordPress installation. By occasionally viewing the contents of these log files you can stay informed of any underlying problems on your system which you might need to address.
Host System Logs Settings
- Enter System Log File Name = default name error_log
- Click on the View Latest System Logs button to view the latest log file.
Sample List Of Log File Locations
- yoursite/wp-content/themes/suffusion/error_log
- yoursite/wp-includes/error_log
- yoursite/wp-includes/widgets/error_log
- yoursite/wp-admin/error_log
- yoursite/wp-admin/user/error_log
- yoursite/wp-admin/network/error_log
- yoursite/wp-admin/includes/error_log
- yoursite/error_log
Note: If you run into issues when checking the latest system logs, make sure you have enough memory allocated to your site. Also check to make sure you have not run out of disk space. Log files can become large in size.
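The same lookup can be done from a shell on the server. The two functions below are an added example, not part of the plugin: the first lists every error_log under the site root with its size, largest first, and the second prints only the end of the most recently modified one so a very large log is never loaded whole. The function names are this example's own, and paths containing newlines are not handled.

```sh
#!/bin/sh
# Added example: locate host "error_log" files in a WordPress tree.

# find_host_logs ROOT [NAME]
# Print "SIZE_BYTES<TAB>PATH" for every file called NAME under ROOT,
# sorted by size, largest first. NAME defaults to error_log, the
# default file name in the plugin setting.
find_host_logs() (
    root=$1
    name=${2:-error_log}
    find "$root" -type f -name "$name" | while IFS= read -r f; do
        size=$(wc -c < "$f" | tr -d ' ')
        printf '%s\t%s\n' "$size" "$f"
    done | sort -rn
)

# latest_log_tail ROOT [NAME] [LINES]
# Print the last LINES lines (default 50) of the most recently modified log.
# tail reads only the end of the file, which keeps memory use small.
# Returns non-zero when no log file is found.
latest_log_tail() (
    root=$1
    name=${2:-error_log}
    lines=${3:-50}
    newest=$(find "$root" -type f -name "$name" -exec ls -t {} + | head -n 1)
    [ -n "$newest" ] && tail -n "$lines" "$newest"
)

if [ "$#" -gt 0 ]; then
    find_host_logs "$1"
fi
```
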
Troubleshooting
Q1 The .htaccess file has ‘0’ (ZERO) permissions. How do I fix this?
Answer: The issue on this site was in the WordPress settings under WP Dashboard -> Settings -> General.
WordPress Address was: http://yoursite.com
Site Address was: http://www.yoursite.com
Changing both to http://yoursite.com fixed the .htaccess problem and allowed permalinks, etc to be written correctly. Check the following link forum post to learn more.
=============================
I hope the above steps help you manage the file system security of your site.
If you have any questions please let me know.
Enjoy.