Su UNIX: Aprire la cartella /includes/ e usando lo CHMOD, impostare i permessi a 444. (Alcuni sistemi possono preferire 644)
Su Windows: Aprire la cartella /includes/, cliccare con il tasto destro il file configure.php e selezionare lo stato “Read Only”.
Sometimes you have to do this via a File Manager tool provided by your webhosting provider. In cPanel, it’s called File Manager. In other tools it might be called something different. In the file manager, you can simply navigate to the file you want to alter permissions for, then click on the File Properties link/button and set permissions. The links could have varying names.
If your FTP program won’t let you set CHMOD 444 and 644 doesn’t work successfully, you’ll have to use the File Manager approach above. If that doesn’t work, then you must contact your hosting company’s tech support to ask them to do it for you. Sometimes, although rare, it’s necessary to set these files to 400 instead of the common 444 or 644. Any lower than 400 may cause you to lose access to the file.
Some hosts have security configured such that even when you “ask” the server to set the files to 444, they remain at 644 or even get changed again later by a server security or filesystem properties check. This is why on our support forum you’ll find folks asking you to check and double-check what the permissions “really” are set to.
If you don’t address this issue, then you leave your site vulnerable to security risks. The warning is telling you that if someone were to get past Zen Cart’s security systems, or if they were to hack into your server using some other less-secure program even on somebody else’s hosting account, they could possibly read or change those very important configuration files. Thus it’s important to find a way to prevent the warning message, rather than merely suppress it.
The message is saying that the webserver, using PHP, *is* able to write to the file, according to the access check that PHP does against the file. Zen Cart is simply reporting that there’s a risk. Please don’t ignore or bypass it. It’s for your own security.