• Resolved bitsum

    (@bitsum)


    Since Sucuri Scanner still doesn’t properly support Apache 2.4, I have removed the .htaccess that protects its plugin folder. That .htaccess intends to block access to anything other than images/css/etc. However, it malfunctions, resulting in a 500 error on Apache 2.4.

    What are the consequences of allowing unrestricted access to the Sucuri Scanner plugin folder? I am assuming nothing serious, and that .htaccess exists only out of an abundance of caution.

    Thanks!

    https://www.ads-software.com/plugins/sucuri-scanner/

Viewing 1 replies (of 1 total)
  • yorman

    (@yorman)

    This issue is already fixed in the development version of the code [1] and was addressed with this commit [2]; please wait until the next public version is released, or download the code from the linked repository.

    To answer your question, if a malicious user gains access to the admin panel or somehow is able to upload a PHP file to your website exploiting a vulnerability in a theme or plugin (which is fairly common), then having these directories hardened will block the execution of those PHP files. There are no consequences if you are confident that the malicious user cannot upload files to your website.

    [1] https://github.com/Sucuri/sucuri-wordpress-plugin
    [2] https://github.com/Sucuri/sucuri-wordpress-plugin/commit/3b53624
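
An added example, not taken from this thread or from the Sucuri plugin's code: a directory-level .htaccess that denies direct requests for PHP files on both Apache 2.2 and Apache 2.4. It assumes the 500 error comes from 2.2-style `Order`/`Deny` directives being read by a 2.4 server without mod_access_compat loaded, which the thread does not confirm; the extension list is also an assumption.

```apache
# Added example (not the plugin's shipped file).
# Place in the directory to harden, e.g. a plugin or uploads folder.
# Static assets (images, CSS, JS) stay reachable; only script files are denied.

# Assumed extension list: adjust to whatever your server hands to PHP.
<FilesMatch "\.(?i:php[0-9]?|phtml)$">

    # Apache 2.4+: mod_authz_core provides the Require directive.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>

    # Apache 2.2: mod_authz_core does not exist, so use the older syntax.
    # Guarding it this way keeps a 2.4 server without mod_access_compat
    # from ever parsing Order/Deny, which would otherwise cause a 500.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>

</FilesMatch>
```

With this in place, a request for a PHP file in that directory should return 403 rather than 500. A 500 that persists can mean the enclosing `AllowOverride` setting does not permit `AuthConfig` (needed for `Require`) or `Limit` (needed for `Order`/`Deny`).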

  • The topic ‘Consequences of removing .htaccess protections on Sucuri plugin folder’ is closed to new replies.