WooCommerce uploads folder blocked

Home Forums BulletProof Security Free WooCommerce uploads folder blocked

This topic contains 7 replies, has 3 voices, and was last updated by  AITpro Admin 2 weeks, 5 days ago.

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • #21405

    Adendum
    Participant

    Hi,

    I have a WooCommerce installation that provides downloads of ZIP files accessed via an email generated by WooCommerce after a customer has purchased…standard stuff.

    Every so often customers email me to say they get a 403 Error when they click the link to download the file. The cause is an .htaccess file in the root folder of the woocommerce_uploads folder that has a “deny all” in it. If I delete this file the problem evaporates but I don’t know how to stop this .htaccess file getting added back to the folder….I assume it is generated by BPS at some stage but I can’t see anywhere that allows me to control this….any ideas?

    BPS has been installed and running for a couple of years but is updated within 24 hours of all update releases.

    #21409

    AITpro Admin
    Keymaster

    BPS free does not add/create any .htaccess files in the WordPress /uploads folder.  BPS Pro does add/create an /uploads folder .htaccess file, but it is created in the root of the /uploads folder and not under any child/subfolders and is managed/fully controlled in B-Core Security Modes.  So that .htaccess file is being created by something else and not by BPS.  Most likely either WooCommerce itself is creating that .htaccess file or another WooCommerce add-on plugin that you have installed or another plugin that is installed.  Does the .htaccess file have any Placeholder/Marker text in it to indicate which plugin is creating this .htaccess file?  Example:  # Created by Plugin X.  If it does not have any text indicating which plugin is creating it then when you do find out which plugin is doing this then you need to inform that plugin creator that they need to add a Placeholder/Marker in that .htaccess file so that other folks do not run into this exact problem you are having of not knowing which plugin is creating the .htaccess file.

    #21410

    Adendum
    Participant

    Ah, that’s interesting and very useful.

    I don’t have any other Woocommerce related plugins so it must be Woo itself but I’ll start looking closer at Woo and check other plugins too.

    Many thanks…

    #21411

    Adendum
    Participant

    The .htaccess is from Woo!

    #38108

    Naoned
    Participant

    Hi there,

    I know it’s been 5 years since you posted this message, but how did you manage the problem with .htaccess file that keeps being added by woocommerce plugin ? I have the same issue and can’t find a solution online.

    Thank you for your help ! I hope you will have the chance to read this message.

    Noaned

    #38109

    Adendum
    Participant

    Naond,

    Yeah that was a while back….sadly I have no idea but my best guess was a support ticket to WooCommerce. I can’t even remember what site it was so I can’t look. I only have two client sites using WooCommerce today and one of them is only 2 years old so that means the only site I have with WooCommerce is still using the exact same htaccess file (deny from all) so if it was that site it must have been a change to WooCommerce settings…..but it was a long time ago and it may not be that site.

    I suggest you contact WooCommerce.

    #38110

    AITpro Admin
    Keymaster

    @ Naoned – I’m assuming you have the BPS free plugin installed.  If you have BPS Pro installed then let me know that.  Check your WooCommerce plugin settings and look for an option setting in the plugin that has to do with adding/creating an htaccess file in the WordPress Uploads folder.  It may be that there is not any option setting to change the htaccess file.  So if that is the case then you will need to contact the plugin author for whichever plugin is adding/creating the htaccess file in the WordPress Uploads folder.

    #38111

    AITpro Admin
    Keymaster

    Another way to take care of the issue would be to comment out the htaccess code in the WooCommerce htaccess file.  That would prevent WooCommerce from recreating the htaccess file when you delete it.  ie WooCommerce will see that that htaccess file exists and will not recreate it.  😉  To comment out htaccess code use a pound sign # in front of the line of htaccess code that you want to comment out.

Viewing 8 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic.