Hardening Issue

Hi: I just picked up on a small issue.

When hardening the includes directory, we had an issue with it double applying the whitelisted tnymce and ms-files. This was triggered when we would deactivate the protection and leave the whitelist, then reactive the protection.

The white list adds both files twice and shows this in the whitelist tab as 4 items. This is causing code to double up on itself, but also throw 404 errors still because if you are using the backwards compatible directive: SSILegacyExprParser on

there can be precedence issue since it is mixing Apache 2.4 and 2.2 code. We have an apache-auth fail2ban rule set also so for Admins, it is causing IP blocks since the tnymce 404 is being recorded as an auth failure against the limit imposed by the jail rule.

To fix this, I tried to delete the whitelisted items in the plugin, but it would not remove them. I had to manually delete them from the file itself, then refresh Sucuri. After that I re-activated hardening and it only showed the 2 items and properly coded in htaccess.

Wanted to just note this because for someone who does not code, if they deactivate and reactivate, it appears to produce a conflict. not sure it is possible, but could you consider:

1. forcing Sucuri to validate the written htaccess files upon update?
2. forcing sucuri to validate the order according to precedence
3. forcing sucuri to check the validity of its written htaccess files during its scans?

Maybe this is done and it just was isolated on my end, but figured it was worth noting.
Thanks!

https://www.ads-software.com/plugins/sucuri-scanner/