Can’t delete the whitelist

  • Resolved Khaliel

    (@khaliel)


    9 months ago

    My whitelist added a rule that I didn’t ask for.
    It allows all PHP files in the upload directory in what seems to be hidden folders. And that’s precisely a way for malwares to attack. So I need to DELETE this rule (and I don’t have any hidden folders there anyway).

    So in the hardening tab, under “allow blocked php files” section I’ve checked the box of this rule and clicked on delete, but the page refreshes and the rule is still here.
    I can’t find where this whitelist is stored on my website. I’ve checked in the uploads/sucuri folder, in the .htaccess file and even in my database, but nothing.

    Please how to fix this and delete this unwanted rule?

Viewing 1 replies (of 1 total)
  • Plugin Support sucuri1

    (@sucuri1)

    Are you getting any type of error message when they try to delete that entry using the UI. Might help us debug!

    I was able to replicate exactly the same pattern using the?*.php?filename, and the .htaccess file that needs editing should be inside?wp-content/uploads

    Below is a sample of the code you would be looking for:

    <Files *.php> <IfModule !mod_authz_core.c> Allow from all </IfModule> <IfModule mod_authz_core.c> Require all granted </IfModule> </Files>

Viewing 1 replies (of 1 total)
  • The topic ‘Can’t delete the whitelist’ is closed to new replies.