Security Concern, Config file with passwords is 777 on several installations!
I just got a warning message from my hosting company that my Classipress installation had serious security problems and that the config file with database username and password and more was both readable and writeable (777).
Since this is the first time I've ever installed one of your themes I'm sure that there is a big probability that I've done something wrong or have missed some important information that have caused this and that there is nothing wrong with your products.
This is a support request only, not an accusation of anything.
I installed Wordpress, then installed Classipress and nothing more. No plugins, no manual edits, nothing more. Just added some test ads, that's it!
I cannot remember that I have gotten any warnings about modifying any file or folder rights? Or am I wrong?
When I got the warning message I immediately turned too Google with some searches to look for solutions to my problem to gain knowledge about where to start. Then I found several other Classipress customers facing the same security problems that I am, but the only problem is that they are wide open and do not know anything about it. Therefore I'm concerned.
Also, this affect other files and folders than the config file.
Language files is available for editing and download on several sites.
As mentioned above, I'm sure this is most likely related to the installation and not the product alone, therefore I need some advice.
When I get the receipt on how to fix this I can distribute the info to those other users if wanted. It is not fair not telling them that their usernames and passwords are indexed in google available for everyone to view and hack if wanted..