.ini file

  • Resolved 11whyohwhy15

    (@11whyohwhy15)


    5 years, 4 months ago

    Wordfence is telling me I have: Issue Found 27/07/2019 18:02 – Critical:
    Publicly accessible config, backup, or log file found: .user.ini
    Type: Publicly Accessible Config/Backup/Log?

    However when I check the file it is:
    ; Wordfence WAF
    auto_prepend_file = ‘/site address/wordfence-waf.php’
    ; END Wordfence WAF

    It was obviously created by wordfence so why is is visible and what should I do about it?

    Thanks

Viewing 5 replies - 1 through 5 (of 5 total)

  • Hey @11whyohwhy15,

    This file should be blocked from viewing in your htaccess file, and there should be a link to fix the issue in the notice to fix it. Are you able to share the contents of your htaccess file?

    Thanks,

    Gerroald

    Thread Starter 11whyohwhy15

    (@11whyohwhy15)

    Hi,

    There is no link to fix just hide/ignore/details

    In details it just gives options to delete/mark as fixed

    I then have 3 x htaccess files in my public_html folder:

    .htaccess
    .htaccess-
    .htaccess-off

    In .htaccess – I have ifmodule rewrite

    In .htaccess- I have the ifmodule rewrite &
    # Wordfence WAF
    <Files “.user.ini”>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    </IfModule>
    </Files>
    # END Wordfence WAF

    In .htaccess-off I have all of the above plus cache, hotlinking, ifmodule & deflate etc.

    Thanks

    Hey @11whyohwhy15,

    This looks correct. What type of server environment are you using?

    Can you send me a Diagnostics report so I can get a better overview of your environment? Please navigate to Wordfence > Tools > Diagnostics. Here you can select SEND REPORT BY EMAIL. Please include your www.remarpro.com username and update this thread after you’ve sent it.

    Thanks,

    Gerroald

    Hey @11whyohwhy15,

    One more thought to rule out a false positive. Are you able to access the file in a browser following the YourSite/wordfence-waf.php path?

    Thanks,

    Gerroald

    Thread Starter 11whyohwhy15

    (@11whyohwhy15)

    okay I have fixed the problem it seems my .htaccess that was live didn’t have the waf details in it so I reconfigured it then did a new scan and the critical warning has disappeared.

    Thanks

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘.ini file’ is closed to new replies.