Drupal configuration file weak file permissions
Description
The Drupal configuration file has weak file permissions.The file .\sites\default\settings.php is writable by the web server user (usually www-data, apache or nobody).
The Drupal recommended file permissions setting is 755 for folders and 644 for files. This way, the configuration file is only writable by the owner of this file and not by the web server user.
Remediation
Make sure the file permissions are set to only allow the owner to write to it. To do this, connect to the account with SSH (PuTTY/Terminal) and use a command similar to <pre> chmod 644 sites/default/settings.local.php chmod 644 sites/default/settings.php </pre>