Hiding user.ini nginx

  • Resolved rafaelsn2310

    (@rafaelsn2310)


    1 year, 8 months ago

    Hiding User.ini

    Hi, folks. I know that this has been asked and answered lots of times before but I’ve tried everything but it still shows the alert. I’m building a website and when running a scan with Wordfence tells me that .user.ini is accessible and of course it is. When I open the https://www.mysite.com/.user.ini. it downloads the file.

    I’ve tried the WordFence solution at nginx.conf being

    location ~ ^/WordPress/.user.ini {

    Deny all;

    }

    I’ve also tried using just .user.ini part as other posts suggest and adding the full path to the file as well. All of these with no luck. Could you please help me? Been looking for hours and hours with no luck and I’m a beginner so I don’t have the knowledge to come up with a solution hahaha.

    Thanks

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @rafaelsn2310, thanks for your message.

    The forum seems to have reformatted your code, so can I confirm that both:

    location ~ ^/\.user\.ini {
deny all;
}

    and: 

    location ~ ^/WordPress/\.user\.ini {
deny all;
}

    …have been tried? Note the forward and backward slash characters. Case sensitivity may also be a factor, so ensure when you say “WordPress” as the folder, you don’t really mean “wordpress” etc.

    If those don’t work, you may need to contact your host to see whether the code addition is correct, and if it is, why it isn’t working.

    Thanks,
    Peter.

Viewing 1 replies (of 1 total)
  • The topic ‘Hiding user.ini nginx’ is closed to new replies.