Publicly accessible config, backup, or log file found: .user.ini

Home Forums BulletProof Security Free Publicly accessible config, backup, or log file found: .user.ini

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #38713
    swarmcatcher
    Participant

    Wordfence is identifying the .user.ini file as a security risk but it is actually something to do with Wordfence

    ; Wordfence WAF
    auto_prepend_file = '/home/sites/3b/c/cf8cd719d2/public_html/wordfence-waf.php'
    ; END Wordfence WAF

    Was going to edit the htaccess file with following code to solve it

    <Files ".user.ini"> 
    <IfModule mod_authz_core.c> 
    Require all denied 
    </IfModule> 
    <IfModule !mod_authz_core.c> 
    Order deny,allow 
    Deny from all 
    </IfModule> 
    </Files>

    Is this the best thing to do or is there something else I should do?
    If it is the thing to do where should I add the code to bulletproof security?

    #38714
    swarmcatcher
    Participant

    [Topic has been merged into this relevant Topic]
    I have had a critical security issue highlighted on a few sites by Wordfence and have found the appropriate code to place in the htaccess file to resolve it, but for the love of anything I can’t figure out how to do it.
    Can I just edit my htaccess file directly and rerun setup?

    Frustration is kicking in – can anyone advise on where to find straightforward basic use instruction preferably without having to waste time watching endless useless video tutorials?

    #38716
    AITpro Admin
    Keymaster

    Yes, Wordfence creates the .user.ini file so that Wordfence can create it’s WAF code in the .user.ini file that Wordfence created.

    Yes, that htaccess code appears to be the recommended code for Wordfence.

    1. Copy the Wordfence .user.ini WAF protection htaccess code into this BPS Root Custom Code text box: 1. CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE
    2. Click the Save Root Custom Code button.
    3. Go to the Security Modes page and click the Root folder BulletProof Mode Activate button.

     

    #38717
    swarmcatcher
    Participant

    AITpro Admin

    Thank you for your help on this  -could not have solved my issue without you.

Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.