WordPrsss Block direct access to PHP files

  • Resolved CB

    (@cbrandt)


    5 years, 7 months ago

    Hi,

    On Firewall Policies > Basic Policies, I see: “WordPress > Block direct access to any PHP file located in one of these directories”

    The list of directories, though, includes several with wildcards * and one that has /wp-includes/*.php, suggesting that the policy may not apply only to PHP files.

    I’m not sure if that’s the case, but I have a bunch of .xml files that are invoked within an iframe element. The .xml files are all in a folder inside /wp-content/uploads/. When I check to include /wp-content/uploads/in this policy, the .xml files are blocked.

    Is there a way to protect direct access to PHP files but not to .xml files?

    Thank you

Viewing 1 replies (of 1 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Depending on your server configuration, NinjaFirewall may also filter HTML and XML files if your PHP interpreter was setup to handle them (i.e., if you can add PHP code to HTML files). Anything that goes through PHP will go through NF too.

    In the free version of NinjaFirewall, to whitelitst .xml files, you can use the .htninja user script:

    <?php
/*
 +====================================================================+
 | NinjaFirewall optional configuration file                          |
 |                                                                    |
 | See: https://nintechnet.com/ninjafirewall/wp-edition/help/?htninja |
 +====================================================================+
*/
// Don't block *.xml files:
if ( isset( $_SERVER['SCRIPT_FILENAME'] ) && preg_match('/\.xml$/', $_SERVER['SCRIPT_FILENAME'] ) ) {
   return 'ALLOW';
}
Viewing 1 replies (of 1 total)
  • The topic ‘WordPrsss Block direct access to PHP files’ is closed to new replies.

Tags