Replies: 1
Hi,
I’ve hardened my wordpress installation on my own debian server by setting the ownership of the wordpress files to
– chown user:user -R * (everything excluding:)
– chown www-data:www-data /wp-content & wordfence-waf.php
(also the .user.ini is hidden by nginx.)
as suggested in the WordPress Codex (Hardening WordPress).
Now wordfence is complaining that:
“The Wordfence Web Application Firewall cannot run. The configuration files are corrupt or inaccessible by the web server, which is preventing the WAF from functioning. Please verify the web server has permission to access the configuration files…”
To which other wp directory and/or files does wordfence also need read (and write?) access? Via the PHP user, www-data on my system.
Thanks in advance.
krtek