In fact, on my Wordfence Firewall page it says:
"We were unable to write to ~/wp-content/wflogs/ which the WAF uses for storage. Please update permissions on the parent directory so the web server can write to it."
The permissions are open on those dirs to 775 (/usr/share/nginx/html, /usr/share/nginx/html/wp-content/, /usr/share/nginx/html/wp-content/wflogs/, and /usr/share/nginx/html/wp-content/wflogs/config.php), and all owned by 'www-data:www' - this is who both the webserver and PHP run as. This isn't right.
What am I missing here?
Also, I just looked again and somehow "rules.php" and "wafRules.rules" are now both owned by root, in addition to config.php (which I am constantly resetting to 'www-data:www'). Yesterday they were owned by www-data:www...
-rw-rw---- 1 www-data www 40083 Aug 7 13:52 attack-data.php
-rw-rw---- 1 root root 888 Aug 13 17:15 config.php
-rw-rw-r-- 1 www-data www 133 Aug 6 12:22 .htaccess
-rw-rw---- 1 www-data www 51 Aug 6 12:22 ips.php
-rw-rw-r-- 1 root root 25545 Aug 13 12:30 rules.php
-rw-rw---- 1 root root 16204 Aug 13 12:30 wafRules.rules