Installation & Configuration
What is this "Security risk" error about config.php and 444?
Scenario:
"I have just finished installing Nucleus and I receive this strange error message when I try to login to my administration area:
Security Risk One or more of the Nucleus installation files are still present on the webserver, or are writable. You should remove these files or change their permissions to ensure security. Here are the files that were found by Nucleus config.php should be non-writable (chmod to 444) If you don't want to see this error message again, without solving the problem, set $CONF['alertOnSecurityRisk'] in globalfunctions.php to 0, or do this at the end of config.php.
What do I need to do to get rid of it?"
Solution:
Check to make sure you have deleted the install.php and install.sql files from your webserver. If these files are gone, you need to change the permissions on config.php either through your FTP client:
You can also set permissions on files through your host's control panel. The following example uses a cpanel interface. First, login to your host's control panel and go to the File Manager. In cpanel, you simply click on the File Manager icon:
Next, browse to the /public_html/ directory if you installed Nucleus in your root directory, or /public_html/subdirectory/ if you installed in a subdirectory. Locate your config.php file and click on it to view its properties:
Click on "Change permissions" to adjust the file permissions. Set it to 444 or to "Read" for "User", "Group" and "World". Hit "Change" and you're done!
If the above still doesn't work and you still get the error message, open the globalfunctions.php file inside the /nucleus/libs/ directory and make sure the line for $CONF['alertOnSecurityRisk'] is set to 0 like this:
$CONF['alertOnSecurityRisk'] = 0;
Original forum thread (thanks, ftruscot!):
http://forum.nucleuscms.org/viewtopic.php?t=13705
Total votes: 16 - Rating: 9.00