Beta Testers Wanted – new htaccess code to protect plugins
-
This is the latest and greatest .htaccess code that will included in BPS .47.6. It has been tested and is working perfectly. if you would like to Beta Test this new code and post your results that would be very much appreciated. Please add additional plugins that you use to the REQUEST_URI filter to fully test protecting multiple plugins/plugins folder simultaneously. Thank you.
# BLOCK ALL REQUESTS/ACCESS TO BPS PLUGIN FILES AND OTHER PLUGIN FILES # Whitelist AITpro.com - this is only for BPS Pro folks # to continue to allow them to connect to the AITpro API Server. # You can add additional plugins that you would like to protect by # adding the plugin folder name as shown below. # NOTE: Some plugins utilize an index.php file in their plugin folder # that will negate the REQUEST_URI filter below. RewriteCond %{THE_REQUEST} ^(GET|POST|PUT) RewriteCond %{HTTP_REFERER} !^.*example.com.* [NC,OR] #RewriteCond %{HTTP_REFERER} !^.*ait-pro.com.* RewriteCond %{REQUEST_URI} ^plugins/(bulletproof-security|example-plugin-name1|example-plugin-name2)/(.*)$ [NC] RewriteRule ^(.*)$ - [F,L]
Test Parameters:
1. Upload a text file named test.txt to an additional plugin’s folder that you have added to the REQUEST_URI filter.
2. Try to access that text.txt file from a Browser.
Example: example.com/wp-content/plugins/some-example-plugin-name/test.txt
3. The test result should be a 403 error/Forbidden.https://www.ads-software.com/extend/plugins/bulletproof-security/
- The topic ‘Beta Testers Wanted – new htaccess code to protect plugins’ is closed to new replies.