All In One Security – File System
Script & Screenshots
In this video I’m going to go through the All In One Security File System Settings.
This is where you can manage File Permissions, PHP File Editing, Default WP File Access, and System Logs.
To get to it, click on WP Security, then Filesystem Security.
Starting with the File Permissions tab. You have one option here, the WP Directory and File Permissions Scan Results. Here it will scan the critical WordPress core folders and files and it will highlight any permission settings that are insecure. The installation usually comes with reasonably secure file permission settings, but sometimes people or other plugins modify the permission settings of the folders or files and end up making their site less secure because they chose the wrong permission values. If your permissions are good, you will see No Action Required on the far right of the screen, like you see here. If there are any areas that need the permissions changed, you will see a button that will say Set Recommended Permissions. Click on that button to update the permissions.
On the PHP File Editing tab, you can disable the ability to edit the PHP files. By default, WordPress allows Administrators to edit PHP files, such as plugin and theme files within the dashboard. If a hacker can get into your website, this is often the first place they will go, since it allows code execution. If you disable this, it will disable the ability for people to edit PHP within via the dashboard. Now if you ever need to edit any of the files, first off I highly recommend making a backup before making any edits. Then I often edit the files offline and then upload them up via FTP. Other times I will come back here and uncheck this, make the edits, then come back and disable it again.
On the WP File Access tab, you can disable access to files such as readme.html, license.txt and wp-config-sample.php which are delivered with all WP installations. By preventing access to these files you are hiding some key pieces of information (such as WordPress version info) from potential hackers. This is key when it comes to vulnerabilities are found in certain versions. If a hacker scans the internet looking for that version, they know how they can hack into your website. If you hide this information, they’re less likely to look at your website. But it’s also best to keep WordPress up to date as soon as a new version comes out.
Click the Save Setting button to save your changes.
The last tab is the Host System Logs tab. Sometimes your hosting platform will produce error or warning logs in a file called error_log. Depending on the nature and cause of the error or warning, your hosting server can create multiple instances of this file in numerous directory locations of your WordPress installation. Viewing the contents of these logs files you can keep informed of any underlying problems on your system which you might need to address. Click the View Latest System Logs button to display the logs.
That’s it for this video. I’ll see you in the next one.