Protect User.ini in Root DIrectory .hta when other FW Plugin exist

  • Resolved crissineon

    (@crissineon)


    3 years, 6 months ago

    Hello,

    i use WF together with a other FW Plugin, what already generate .htaccess code. I did the WF Setup now, and recognized that the .htaccess code (Apache Webhosting /) is not added to my root htaccess File. I disabled the other FW Plugin, and Disabled WF Firewall / enabled again Protection Mode, but still the user.ini protection is not generated.

    1. Can i add the Code just manually in my root htaccess File? Where should the code be, before caching htaccess , or is the position where the code is added equal.

    
# Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
	Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
	Order deny,allow
	Deny from all
</IfModule>
</Files># END Wordfence WAF

    2. If i have already the following code in my htaccess, can i not just add to the code the user.ini protection to merge?

    This is the actual code in my htaccess file:

    # Protect
<FilesMatch "^(wp-login\.php|wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php|debug\.log)">
<IfModule mod_authz_core.c>
Require all denied
Require ip 127.0.0.1
</IfModule>

<IfModule !mod_authz_core.c>
<IfModule mod_access_compat.c>
Order Allow,Deny
Deny from all
Allow from 127.0.0.1
</IfModule>
</IfModule>
</FilesMatch>

    thx
    br

Viewing 4 replies - 1 through 4 (of 4 total)

  • Thanks for reaching out.

    Yes, you should be able to add the code to the existing .htaccess file to hide the .user.ini file. I would add it above the line that says # Protect

    So it would look like this:

    # Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
	Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
	Order deny,allow
	Deny from all
</IfModule>
</Files># END Wordfence WAF

# Protect
<FilesMatch "^(wp-login\.php|wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php|debug\.log)">
<IfModule mod_authz_core.c>
Require all denied
Require ip 127.0.0.1
</IfModule>

<IfModule !mod_authz_core.c>
<IfModule mod_access_compat.c>
Order Allow,Deny
Deny from all
Allow from 127.0.0.1
</IfModule>
</IfModule>
</FilesMatch>

    Tim

    Thread Starter crissineon

    (@crissineon)

    Thanks Tim, for the information!

    If the Website is installed in a Subdirectory, must the wf hat code be modified?

    br
    Crissi

    I can’t comment on the additional code but as long as that .user.ini file exists in the subdirectory where WordPress is installed ours will.

    tim

    Thread Starter crissineon

    (@crissineon)

    Thank You Tim!
    br
    Crissi

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Protect User.ini in Root DIrectory .hta when other FW Plugin exist’ is closed to new replies.

Tags