Hi Peter. There’s nothing in the main site folder. Some of the subfolders have .htaccess files, but they don’t look like they’re anything of interest and are specific to the folders that contain them.
However, the 5.7.2-34 AWS Lightsail build contains two new virtual hosts at the following locations:
/opt/bitnami/apache/conf/vhosts/wordpress-https-vhost.conf
/opt/bitnami/apache/conf/vhosts/wordpress-vhost.conf
I’m not sure if this is the ideal thing to do, but if I add the following code to each of these files, access to the .user.ini file is now blocked:
# Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
# END Wordfence WA
-
This reply was modified 3 years, 3 months ago by wpjasonr.
