Fix Permissions does fix permissions only ownership

mendozal

After the last update, I received notifications about several sites having a plugin flagged as suspicious. I am familiar with the file and compared it with a clean copy; it is valid.

The affected files had their permissions changed to 000 and ownership set to root:root.

I chose to allow them and, following the notification instructions, ran:

cpfence --fix-permissions`

This command corrected the ownership, but the permissions remained at 000.

Is --fix-permissions expected to restore file permissions as well, or does it only address ownership?

PS: I manually corrected the permissions using a small script.

cPFence

mendozal

What is the name of the plugin that got flagged? Is it a custom plugin or a public one?

mendozal

cPFence it is a plugin called Divi Dash from Elegant Themes

https://www.elegantthemes.com

It’s not in the public Wordpress directory.

cPFence

mendozal

Please share the flagged file in a ticket so we can replicate and fix the issue.

mendozal

cPFence Ticket sent. Thanks.

cPFence

mendozal

Fixed in the latest release. Thank you for bringing this to our attention.

As for the Fix Permissions tool, it does not blindly apply changes to all files, in order to prevent issues on production servers. We have also updated the misleading restore instructions to help users quickly restore flagged plugins in bulk when needed.