Creating .htaccess and index.php files in Uploads folder. Why?

  • Resolved Feriman

    (@feriman)


    5 years ago

    Hi,

    This plugin create “wp-security-audit-log” folder in wp-content/uploads folder for every users. Example:
    /var/www/wp-content/uploads/sites/3/wp-security-audit-log

    It contains these files:

    /var/www/wp-content/uploads/sites/3/wp-security-audit-log/index.php
/var/www/wp-content/uploads/sites/3/wp-security-audit-log/.htaccess
/var/www/wp-content/uploads/sites/3/wp-security-audit-log/404s/index.php
/var/www/wp-content/uploads/sites/3/wp-security-audit-log/404s/.htaccess

    Is it necessary? How can I disable this feature?

    Thanks!

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Support robertabela

    (@robert681)

    Thank you for using our plugin @feriman

    For clarification: the plugin creates such folders for every site on the network and not for every user.

    These files are needed to restrict access to website visitors to some data the plugin writes to a log file in those directories, such as the IP addresses which are requesting non-existing URLs.

    May I ask why these directories / files are an issue?

    Thread Starter Feriman

    (@feriman)

    The problem is only related for security scan.

    The security scan found these above mentioned files as “not uploadable” files in uploads folder, and it has right. .htaccess and index.php have been forbidden to upload in this folder.

    Is there any option to move these files somewhere else or disable this feature?

    Thanks!

    Plugin Support robertabela

    (@robert681)

    Thank you for the clarification @feriman

    WordPress forbids users from uploading these type of files to the uploads directory for security reasons. However, there are no problems with a plugin creating legitimate files in such directory. They are required.

    Having said that, we will include a new setting in a future update that will allow you to change the location of where the plugin saves these log files.

    I hope that helps. Should you have any other questions please do not hesitate to ask.

    Have a great day and thank you for all the feedback.

    Thread Starter Feriman

    (@feriman)

    Thanks for your effort!

    Having said that, we will include a new setting in a future update that will allow you to change the location of where the plugin saves these log files.

    Awesome! Will it be a function in the next release?

    • This reply was modified 5 years ago by Feriman.
    Plugin Support robertabela

    (@robert681)

    No, sorry. We cannot guarantee a delivery date of such feature.

    Thread Starter Feriman

    (@feriman)

    Hi,

    is it fixed yet? Did you implement this function in your plugin?

    Thanks!

    Plugin Support robertabela

    (@robert681)

    This functionality has not been added yet @feriman

    Sorry, we were working on several other more pressing issues. However, we also didn’t address this because we are currently planning of rewriting the 404 requests monitoring module. We will address this issue with the rewrite of this module.

    You can follow the release progress of our plugin in the release notes and in the plugin’s change log.

    • This reply was modified 4 years, 7 months ago by robertabela.
Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Creating .htaccess and index.php files in Uploads folder. Why?’ is closed to new replies.