htaccess file change

  • Resolved paisleygirl

    (@paisleygirl)


    8 years, 7 months ago

    Hi there,
    I have a wordpress site and use your word fence security plugin. I was prompted to update it today and configure which I did. I noticed that it added an extra section to my htaccess file ( see below). Two questions: 1) Do I need to keep that extra text in my htaccess file from here on out and 2) can you confirm that the below text is indeed what is supposed to now show up there with the update? My site was hacked in the past so i routinely keep an eye on my htaccess file to assure it is as it should be. Please advise. Thanks!

    # Wordfence WAF
    <Files “.user.ini”>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    </IfModule>
    </Files>

    # END Wordfence WAF

    https://www.ads-software.com/plugins/wordfence/

Viewing 5 replies - 1 through 5 (of 5 total)

  • Hello paisleygirl,
    yes this is as it should be. This is needed for the new Wordfence Firewall (WAF) feature.

    BulletProofSecurity notices this addition and posts the following warning…

    HUD Check: PHP/php.ini handler htaccess code check
    PHP/php.ini handler htaccess code was found in your root .htaccess file, but was NOT found in BPS Custom Code.
    To automatically fix this click here: Setup Wizard Pre-Installation Checks
    The Setup Wizard Pre-Installation Checks feature will automatically fix this just by visiting the Setup Wizard page.
    To Dismiss this Notice click the Dismiss Notice button below. To Reset Dismiss Notices click the Reset|Recheck Dismiss Notices button on the Security Status page.

    Hello again digbymaass,
    What BulletProofSecurity is saying is that it detected code in htaccess that it did not add itself. Since we know that it was Wordfence that added it, it should be considered a “false positive”. If you let BPS attempt to “fix it” I would expect problems arise with Wordfence.

    That’s what I thought. I dismissed the notice and am asking over on BPS how best to incorporate it so that BPS doesn’t protest. Just thought I’d give the heads up to anyone using both plugins.

    Thread Starter paisleygirl

    (@paisleygirl)

    ok, thanks very much!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘htaccess file change’ is closed to new replies.