Are htaccess files needed in uploads and wp-includes directories

  • Resolved idealocity

    (@idealocity22)


    10 years, 5 months ago

    Before installing BulletProof Security plugin we had installed the Sucuri security plugin. That plugin has a WordPress “hardening” option that installed an .htaccess file in the wp-content/uploads and /wp-includes directories to prevent PHP execution in those directories. Below I have included the code inside those .htaccess files.

    My two-part question is:

    a) do you recommend leaving those files or deleting them?
    b) if you recommend deleting them, is that because the .htaccess file that BulletProof Security installs in the root directory takes care of those php execution issues?

    Thanks!

    # code added by Sucuri plugin to wp-content/uploads and to /wp-includes
    # directories to prevent php execution
    <Files *.php>
    deny from all
    </Files>

    https://www.ads-software.com/plugins/bulletproof-security/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author AITpro

    (@aitpro)

    a. The problem you are going to run into with the Sucuri /wp-content htaccess file is it is probably going to block some things in other plugins. So be prepared to create some whitelist rules in that wp-content htaccess file for things. The last time I checked there were not any whitelisting tools or options in the Sucuri 1-click hardening htaccess file for the wp-content folder.

    b. I think the wp-content htaccess file is very, very secure and probably more secure than the BPS root .htaccess file, but like I said above be prepared to create some custom whitelist rules in that wp-content htaccess file.

    Thread Starter idealocity

    (@idealocity22)

    Thanks for the explanation and quick reply!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Are htaccess files needed in uploads and wp-includes directories’ is closed to new replies.