303 WordPress莫名错误:Warning: require_once(…/wp-config.php) [function.require-once]: failed to open stream: Permission denied in …/wp-load.php

—2013-06-17
看看主页,结果又出现了这个错误:

Warning: require_once(/home/dramatea/dramatea.com/wp-config.php) [function.require-once]: failed to open stream: Permission denied in /home/dramatea/dramatea.com/wp-load.php on line 29

Fatal error: require_once() [function.require]: Failed opening required ‘/home/dramatea/dramatea.com/wp-config.php’ (include_path=’.:/usr/local/lib/php:/usr/local/php5/lib/pear’) in /home/dramatea/dramatea.com/wp-load.php on line 29

知道是wp-config.php这个文件的权限问题导致此错误,把wp-config.php的权限修改为可读可写,就解决了。

但是为什么wp-config.php的文件权限被修改了,有谁知道?

—-2013-06-20
今天又出现了这个问题,
wp-config.php的权限又被改为200(只有一个所有者写权限。没有读权限)
网上寻找解决方法无果。
在“提高WordPress安全性的十个要点
”一文中,看到用.htaccess文件控制wp-config.php的访问权限的方法,先试一下。
(修改.htaccess文件前先备份)

1
2
3
4
<files wp-config.php>
order allow,deny
deny from all
</files>

—-2013-07-05
这段到是没有再出现这个问题了,不过今天打开邮箱才发现造成文件权限被修改是因为主机服务商在安全扫描的过程中认为这个PHP文件有危害,给禁止访问了。邮件通知如下:

Hello,

During a recent security scan we have identified that one or more of your hosted sites show signs of being compromised as they are hosting known, malicious web-based backdoors. Specifically, the following file(s) have been accessed by intruders and have been associated with unsolicited bulk email, denial of service or other abusive activity:

We have identified the following known backdoors under your account:
/home/dramatea/dramatea.com/wp-admin/seoyMX1.php
/home/dramatea/dramatea.com/wp-config.php
/home/dramatea/dramatea.com/wp-conf.php

We have disabled the page(s) in question (via adjusting permissions on the files, e.g. chmod, or backing up the file first renaming it to “filename.INFECTED” and cleaning up the injected code) until you are able to address this matter.

把.htaccess文件还原再试试看,因为中途Wordpress更新升级了一次,看看是否已经把这个漏洞修复了