htaccess path incorrect

  • Resolved amommy

    (@amommy)


    10 years, 6 months ago

    Here is what WF added

    RewriteCond %{REQUEST_URI} \/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)(.*)$
RewriteCond "%{DOCUMENT_ROOT}/wp-content/wfcache/%{HTTP_HOST}_%1/%2~%3~%4~%5~%6_wfcache%{ENV:WRDFNC_HTTPS}.html%{ENV:WRDFNC_ENC}" -f
RewriteRule \/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)(.*)$ "/wp-content/wfcache/%{HTTP_HOST}_$1/$2~$3~$4~$5~$6_wfcache%{ENV:WRDFNC_HTTPS}.html%{ENV:WRDFNC_ENC}" [L]

    honestly don’t understand most of it, but I do know that I don’t have a folder wp-content. Shouldn’t WF check if the wp-content folder was renamed?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Wordfence Security

    (@mmaunder)

    Can you tell me why you renamed your wp-content folder? I’d like to get more insight into this.

    You are correct that the rule above won’t work for you.

    Regards,

    Mark.

    Thread Starter amommy

    (@amommy)

    For me I rename the wp-content b/c everyone knows it should be there by default, and hackers can easily access files in it if they know it’s there. Also I move uploads folder outside the wp directory completely. I also move the plugin directory most times.
    here is more info on that
    https://premium.wpmudev.org/blog/10-wp-config-tweaks-to-improve-your-wordpress-site/

    Plugin Author Wordfence Security

    (@mmaunder)

    Hi,

    There are many ‘tweaks’ floating around that really don’t improve security at all and create a lot of incompatibility and problems. This is known as security through obscurity – trying to hide things – and it isn’t that effective. Particularly in this case because if you view the source of your home page you’ll probably see all kinds of URL’s that clearly display where your wp-content folder really is.

    Also there isn’t anything in wp-content that should be vulnerable if you’re running a site with everything upgraded.

    However I’ve noted your comments and that some people choose to do this so I’ll see if we can detect where your wp-content is and add that to the falcon rules we add to .htaccess.

    Regards,

    Mark.

    Thread Starter amommy

    (@amommy)

    yes, figuring out where wp-content is easy. but those that search for files in wp-content without actually ever visiting the site.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘htaccess path incorrect’ is closed to new replies.