Issue Restrict access to files and directories randomly reverts to disabled

[SDGPete]

Server operating system version

AlmaLinux 9.7 (Moss Jungle Cat)

Plesk version and microupdate number

Plesk Obsidian 18.0.74 Update #3

Hi,

I keep noticing that "Restrict access to files and directories" within Security Measures randomly reverts back to being disabled. I think it's in connection with auto-updates, I can see that 2 plugins were updated (presumably the protection is disabled for the update) but it wasn't reinstated after. This doesn't always happen but when it does there's no notification to say that it couldn't be applied and then leaves it vulnerable and easier to compromise (if plugins are found to have vulnerabilities).

Does anyone know of a way to prevent this or at the very least to notify when this happens?

 

[Sebahat.hadzhi]

Hi, @SDGPete . It is likely that some WordPress plugin automatically updates file/folder permissions that differ from the default permissions that are expected by WP-Toolkit. Please temporarily enable Plesk debug mode and check /var/log/plesk/panel.log when the issue reappears. The log entry should be similar to:

stderr: Incorrect permissions on /var/www/vhosts/example.com/httpdocs/wp-content/cache/wpo-minify/1622487907/assets/wpo-minify-header-b6715801.min.css.gz: expected is one of 00, 04, 040, 044, 0200, 0204, 0240, 0244, 0400, 0404, 0440, 0444, 0600, 0604, 0640, 0644, actual is 0755

It should help you identify which plugin is performing the change.