How do I allow specific files to execute in the WP-CONTENT directory?
The “Allow Blocked PHP Files” function in the plugin doesn’t allow specific files to be listed.
I need the following PHP files to be allowed to execute:
- /wp-content/plugins/gtranslate/url_addon/gtranslate.php
- /wp-content/plugins/gtranslate/url_addon/config.php
For some reason, the Allow Blocked PHP Files section in the Sucuri plugin sections doesn’t allow you to simply enter the entire path of the file, so I need to know how to add the following files to the allow list:
- /wp-content/plugins/gtranslate/url_addon/gtranslate.php
- /wp-content/plugins/gtranslate/url_addon/config.php
Sucuri only seems to give /wp-content as a directory option.
Any help is greatly appreciated.
It allows all PHP files in the upload directory in what seems to be hidden folders. And that’s precisely a way for malwares to attack. So I need to DELETE this rule (and I don’t have any hidden folders there anyway).
So in the hardening tab, under “allow blocked php files” section I’ve checked the box of this rule and clicked on delete, but the page refreshes and the rule is still here.
I can’t find where this whitelist is stored on my website. I’ve checked in the uploads/sucuri folder, in the .htaccess file and even in my database, but nothing.
Please how to fix this and delete this unwanted rule?
What do the following mean, in a way where I can explain it to a 8 year-old:
Hardening
User registration is restricted
File editing is disabled
Code execution is restricted
Browsing directories is blocked
User enumeration is restricted
Username ‘Admin’ is not allowed
Debug log not publicly accessible
]]>We are concerned about the new Hardening section of this plugin. These settings are already handled outside of this plugin and are redundant for our clients. Can we remove this section or turn these off without affecting the other methods we use?
]]>A recent formal security scan of a site i look after has highlighted a security “risk”
WordPress plugin versions exposed
Ensuring WordPress plugin versions are not exposed can make it harder for attackers to find exploits against your site.
A potential hacker could see the plugin versions e.g. cookie-notice: 2.2.1, genesis-slider: 0.9.6, simple-sitemap: 3.5.4, simple-social-icons: 1.1.21, lightweight-grid-columns: 1.0
How can I hide the Plugin versions to external users please?
none of the standard security pluigns e.g. Wordfence, Sucurri etc seem to offer this feature so I’m a bit stuck since the external organisation doing this pen test insist this is a vulnerabiltiy
Thanks as always for your help
]]>You can set various security levels from their Dashboard – depending on your situation and preference and it is super easy to apply hardening levels.
A comfortable feeling knowing our websites are now serviced with the highest security level.
I would advice anyone using this, their support is also quick and top notch.
Kudos on this value for money plugin! ]]>
I applied hardening to php files in directories such as wp-content. However, now the “revert hardening” is greyed out for these areas and I cannot revert. I believe it is making me unable to edit certain files myself. I tried whitelisting the files but that did not work. How can I revert hardening for wp-content?
Thanks ]]>
Im going to launch an ecommerce wordpress website on a shared hosting system and woocommerce plugin is being used. L4 security tips are applied (like using ssl, ddos mitigation etc)
Im worry about L7 security issues (OWASP top 10)
After maintaining core and plugin updates what should I check?
What security plugin should I use?
How should I protect my ecommerce from fraud?
I’ll be grateful to hear your suggestions
Thanks a lot 