Description

The WordPress configuration file has weak file permissions. The file wp-config.php is writable by the web server user (usually www-data, apache or nobody).

The WordPress recommended file permissions setting is 755 for folders and 644 for files. This way, the configuration file is only writable by the owner of this file and not by the web server user.

Remediation

Make sure the file permissions allow only the owner to write to the file. To do this, connect to the account over SSH (PuTTY/Terminal) and run a command similar to the following (for wp-config.php):

chmod 0644 wp-config.php
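
The check below is an added example, not part of the original advisory. It verifies both conditions on the server: that wp-config.php has no group or world write bit, and that the file is not owned by the web server account, since mode 0644 still leaves a file writable by its owner. It assumes GNU stat; the function name audit_wp_config is hypothetical, and the default account names are the ones listed in the description.

```shell
#!/bin/sh
# Added example: audit wp-config.php permissions (assumes GNU stat from coreutils).
# Usage: audit_wp_config /path/to/wp-config.php [web-server-user ...]
# Returns 0 if the web server user cannot write the file, 1 if it can, 2 if missing.
audit_wp_config() {
    local file mode owner status u
    file=$1; shift
    status=0

    # Default web server account names, taken from the description above.
    [ "$#" -eq 0 ] && set -- www-data apache nobody

    if [ ! -f "$file" ]; then
        echo "ERROR: $file not found" >&2
        return 2
    fi

    mode=$(stat -c '%a' "$file")    # octal mode, e.g. 644
    owner=$(stat -c '%U' "$file")   # owning user name

    # Group-write (020) or world-write (002) lets non-owners modify the file.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL: $file mode $mode is writable by group or others"
        status=1
    fi

    # Mode 644 does not help when the web server user is the owner.
    for u in "$@"; do
        if [ "$owner" = "$u" ]; then
            echo "FAIL: $file is owned by web server user '$u'"
            status=1
        fi
    done

    [ "$status" -eq 0 ] && echo "OK: $file mode $mode owner $owner"
    return "$status"
}

# Run directly: sh audit.sh /var/www/html/wp-config.php (path is a placeholder)
if [ "$#" -gt 0 ]; then audit_wp_config "$@"; fi
```

A non-zero result after running chmod 0644 usually means the file's owner is the web server account, in which case ownership has to change as well as the mode.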
