Better WP Security and Apache 2.4

  • Hello,
    if you install BWPS on Apache 2.4, when the plugin bans at least one host we receive an “Internal Server Error” message and the site goes down.

    To avoid this we have modified the file common.php of the plugin
    changing lines:

    $rules .=       "Order Allow,Deny" . PHP_EOL .
"Deny from env=DenyAccess" . PHP_EOL .
"Allow from all" . PHP_EOL;

    with these:

    $rules .=       "<RequireAll>" . PHP_EOL .
"Require not env DenyAccess" . PHP_EOL .
"Require all granted" . PHP_EOL .
"</RequireAll>" . PHP_EOL;

    Note to the author: I hope you will include this change (or similar) in the next release. I know it is difficult to detect automatically the version of Apache (2.2 or 2.4), but I would suggest to put a check box in the admin area of the plugin to allow the administrator to choose.

    Simone.

    https://www.ads-software.com/plugins/better-wp-security/

Viewing 1 replies (of 1 total)
  • Thread Starter smarx80

    (@smarx80)

    also, in the same file (common.php):

    From:

    $rules .=
        "<files .htaccess>" . PHP_EOL .
                "Order allow,deny" .  PHP_EOL .
                "Deny from all" . PHP_EOL .
        "</files>" . PHP_EOL . PHP_EOL .
        "<files readme.html>" . PHP_EOL .
                "Order allow,deny" . PHP_EOL .
                "Deny from all" . PHP_EOL .
        "</files>" . PHP_EOL . PHP_EOL .
        "<files readme.txt>" . PHP_EOL .
                "Order allow,deny" . PHP_EOL .
                "Deny from all" . PHP_EOL .
        "</files>" . PHP_EOL . PHP_EOL .
        "<files install.php>" . PHP_EOL .
                "Order allow,deny" . PHP_EOL .
                "Deny from all" . PHP_EOL .
        "</files>" . PHP_EOL . PHP_EOL .
        "<files wp-config.php>" . PHP_EOL .
                "Order allow,deny" . PHP_EOL .
                "Deny from all" . PHP_EOL .
        "</files>" . PHP_EOL . PHP_EOL;

    To:

    $rules .=.
        "<files .htaccess>" . PHP_EOL .
                "Require all denied" . PHP_EOL .
        "</files>" . PHP_EOL . PHP_EOL .
        "<files readme.html>" . PHP_EOL .
                "Require all denied" . PHP_EOL .
        "</files>" . PHP_EOL . PHP_EOL .
        "<files readme.txt>" . PHP_EOL .
                "Require all denied" . PHP_EOL .
        "</files>" . PHP_EOL . PHP_EOL .
        "<files install.php>" . PHP_EOL .
                "Require all denied" . PHP_EOL .
        "</files>" . PHP_EOL . PHP_EOL .
        "<files wp-config.php>" . PHP_EOL .
                "Require all denied" . PHP_EOL .
        "</files>" . PHP_EOL . PHP_EOL;

Viewing 1 replies (of 1 total)
  • The topic ‘Better WP Security and Apache 2.4’ is closed to new replies.