Publicly accessible config, backup, or log file found: .user.ini

[swarmcatcher]

Wordfence is identifying the .user.ini file as a security risk but it is actually something to do with Wordfence

; Wordfence WAF
auto_prepend_file = '/home/sites/3b/c/cf8cd719d2/public_html/wordfence-waf.php'
; END Wordfence WAF

Was going to edit the htaccess file with following code to solve it

<Files ".user.ini"> 
<IfModule mod_authz_core.c> 
Require all denied 
</IfModule> 
<IfModule !mod_authz_core.c> 
Order deny,allow 
Deny from all 
</IfModule> 
</Files>

Is this the best thing to do or is there something else I should do?
If it is the thing to do where should I add the code to bulletproof security?

[swarmcatcher]

[Topic has been merged into this relevant Topic]
I have had a critical security issue highlighted on a few sites by Wordfence and have found the appropriate code to place in the htaccess file to resolve it, but for the love of anything I can’t figure out how to do it.
Can I just edit my htaccess file directly and rerun setup?

Frustration is kicking in – can anyone advise on where to find straightforward basic use instruction preferably without having to waste time watching endless useless video tutorials?

[AITpro Admin]

Yes, Wordfence creates the .user.ini file so that Wordfence can create it’s WAF code in the .user.ini file that Wordfence created.

Yes, that htaccess code appears to be the recommended code for Wordfence.

1. Copy the Wordfence .user.ini WAF protection htaccess code into this BPS Root Custom Code text box: 1. CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE
2. Click the Save Root Custom Code button.
3. Go to the Security Modes page and click the Root folder BulletProof Mode Activate button.

 

[swarmcatcher]

AITpro Admin

Thank you for your help on this  -could not have solved my issue without you.

[Author]

Posts