Plugin Author
gioni
(@gioni)
Hi! You can check folder permissions on the Diagnostic tab, which is located under the Tools admin menu.
Thanks for the quick response, Gregory.
Diagnostic tool shows that this directory /code/wp-content/mu-plugins is Write protected. So setting this directory writable is only way to make this work? This opens up a vulnerability, does it?
Plugin Author
gioni
(@gioni)
No, intrinsically, it does not. However, it can be “a vulnerability” if you have a breach in a plugin or a theme. For instance, a plugin can download any files from unauthorized and unsafe sources, and such a feature is available for anyone. In this context, the mu-plugins folder is a good place to hide malware. Well, any folder can technically contain a piece of malware. We cannot make all WordPress folders write-protected unless we need a read-only website. This is how WordPress works. The convenience of the WordPress 5-minute install comes at a price. If it’s easy and convenient for you, it’s also easy and convenient for cybercriminals.
Anyway, the solution is to make the folder writeable, activate the Standard mode, and make it write-protected again.
