I have installed the WSD plugin on my WordPress website and have run the scan and have applied the suggestions mentioned in the WordPress Scan Report and I also changed the current file permission settings to the suggested permission settings, as being advised in the File Scan Report.
Unfortunately however, changing permissions for the .htaccess in the root directory from 0644 to 0640 made me no longer access the entire website. I received the following error message after changing these permissions in 640: Forbidden - You don't have permission to access / on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Also changing permissions for the .htaccess in the admin directory from 0644 to 0640 gives the same result and error message.
All other WSD file permission suggestions work okay on my site and are applied. The WordPress Scan Report gives a green checkmark on all mentioned points but the File Scan Report gives a warning sign for both .htaccess files (root and admin folder) because they are still set on 644 instead of the suggested 640.
As it seems that I cannot change my .htaccess settings from 644 to 640 I would like to know if my website is still secure when these files are set on 644. In other words: are both .htaccess files safe enough when set on 644?
Thanks and kind regards,