BPS lock causes site to be inaccessible on Cloudways

Home Forums BulletProof Security Free BPS lock causes site to be inaccessible on Cloudways

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • April 25, 2024 at 3:29 am #43785
    Jeff Rivett
    Participant

    I recently moved a WordPress site to Cloudways. BPS mostly seems to work just fine on the Cloudways host, except for one thing: when the BPS lock function changes the permissions of the root .htaccess file from 644  to 404, the site becomes inaccessible.

    Purging the site’s Varnish cache and the web browser cache doesn’t help.

    My testing shows that removing permissions for the group prevents the web server (which runs as www-data) from accessing the file. Changing the file’s permissions to 440 gives read access to the group, and allows the site to function normally.

    For now, I’ve just disabled BPS auto-lock and unlocked the file. But I’d like to be able to use the locking function.

    April 25, 2024 at 3:50 am #43786
    AITpro Admin
    Keymaster

    Many years ago locking files with 404 permissions was a useful security measure, but these days web host servers have become much more secure. So the old security vulnerabilities that existed in older web server versions no longer exist. The only remaining benefit of locking the root htaccess file is to prevent other plugins from writing to the root htaccess file, which in some cases would cause a site to crash.  Check with Cloudways to see if they allow 404 file permissions per hosting account.

    April 25, 2024 at 6:40 am #43787
    Jeff Rivett
    Participant

    Okay, thanks. I think I’ll just stop using the locking feature. As you said, it’s not as important these days.

  • Author
    Posts
Viewing 3 posts - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.