firewall and .htaccess permission

  • Resolved mikele3

    (@mikele3)


    8 years, 6 months ago

    Hello,

    I am trying to implement the following:
    – Prevent Image Hotlinking
    – Block Fake Googlebots

    but upon applying the settings, the plugin complains that my .htaccess file cannot be edited.
    I did change permissions (temporarily) to 777 for the .htaccess file in the root of the website, but with no luck.
    Is there another .htaccess the plugin is trying to write to?

Viewing 9 replies - 1 through 9 (of 9 total)
  • Thread Starter mikele3

    (@mikele3)

    oops.. sorry, I made a mistake:
    – Block Fake Googlebots <- works

    – Enable 6G Firewall Protection <- complains that .htaccess cannot be edited

    Plugin Contributor wpsolutions

    (@wpsolutions)

    The block fake googlebots feature doesn’t write to the .htaccess file.
    You must have some other underlying issue on your server.

    Do any of the firewall rules work on your server – ie, is the plugin able to write to the .htaccess file when you enable say the “Basic Firewall Protection” rule?

    Thread Starter mikele3

    (@mikele3)

    you are right sorry; Block Fake Googlebots <- works

    for those, I get the warning that .htaccess is not writable.
    – Prevent Image Hotlinking
    – Enable 6G Firewall Protection

    I did change .htaccess in the website root (not the same folder where WP is installed) to 777, then tried to apply “Basic Firewall Protection” and again I get the warning that .htaccess is not writable.

    I did change .htaccess in the website root (not the same folder where WP is installed) to 777, then tried to apply “Basic Firewall Protection” and again I get the warning that .htaccess is not writable.

    Unlike WP core, AIOWPSF always writes its rules to the .htaccess file in directory where WP is installed. So if you have WP installed in subdirectory, check file permissions of .htaccess in that subdirectory.

    Thread Starter mikele3

    (@mikele3)

    Hello Chesio, thank you.

    so, to make this work, I did change group ownership to www-data and permissions to 775 for the folder where WP is installed.
    But I feel uneasy leaving it like that… what you think? isn’t it a security concern?

    furthermore, I did try – Prevent Image Hotlinking – and I saw the rules added to .htaccess …
    but since my wp-content folder has been moved outside the folder where WP is installed, I think that won’t work to prevent hotlinking… am I right?
    I am thinking I should cut/paste the rules to the .htaccess I have in my website root…

    if so, would that be the case for “Enable 6G Firewall Protection” and the other settings in the Firewall section?

    Hi,

    so, to make this work, I did change group ownership to www-data and permissions to 775 for the folder where WP is installed.
    But I feel uneasy leaving it like that… what you think? isn’t it a security concern?

    On a properly configured webhost this shouldn’t be an issue, even if it’s a shared one. But you would have to ask your provider to be sure.

    since my wp-content folder has been moved outside the folder where WP is installed, I think that won’t work to prevent hotlinking… am I right?

    Yes, you are right. You should place contents in the #AIOWPS_PREVENT_IMAGE_HOTLINKS block into htaccess file that is in the rootline of your uploads folder (or wp-content folder, if you want to protect assets from theme/plugins as well).

    if so, would that be the case for “Enable 6G Firewall Protection” and the other settings in the Firewall section?

    In case when WordPress is installed in a subdirectory, Jeff Starr, the author of 6G, recommends to only keep [QUERY STRINGS] section of 6G in WordPress directory (as the rules are designed to protect wp-admin area) and move everything else to root directory, so the other rules (like blocking of bad bots etc.) are applied to front-end requests as well.

    Thread Starter mikele3

    (@mikele3)

    In case when WordPress is installed in a subdirectory, Jeff Starr, the author of 6G, recommends to only keep [QUERY STRINGS] section of 6G in WordPress directory (as the rules are designed to protect wp-admin area) and move everything else to root directory, so the other rules (like blocking of bad bots etc.) are applied to front-end requests as well.

    I was going to ask this in a separate thread, but since you mention Jeff Starr (didn’t know about 6G being his work)…
    I use BBQpro on my WP websites, in those I am also installing and configuring AIOWPSF.
    Is that a good idea? does it gets redundant? known conflicts?
    Are BBQpro and “Enable 6G Firewall Protection” in AIOWPSF the same thing?

    I use BBQpro on my WP websites, in those I am also installing and configuring AIOWPSF.
    Is that a good idea? does it gets redundant? known conflicts?
    Are BBQpro and “Enable 6G Firewall Protection” in AIOWPSF the same thing?

    I don’t know BBQpro that well, but I assume that its built around rules from his 6G firewall. So I would say having 6G enabled in AIOWPSF adds nothing more to site security when you have BBQpro active.

    Thread Starter mikele3

    (@mikele3)

    Thank you Chesio.

    I’ll keep both for now; I’ll ask in the BBQpro support forum if that plugin works as expected with my configuration; if that is the case I am all set, if it doesn’t I’ll remove that and use AIOWPSF to help me insert the rules in the .htaccess file.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘firewall and .htaccess permission’ is closed to new replies.