System Files protection doesn’t consider WP installed path

  • System Files protection doesn’t work if WordPress is installed to sub directory.

    Steps:
    1. Install WordPress to its own directory (e.g. /wp ) with Method II of https://codex.www.ads-software.com/Giving_WordPress_Its_Own_Directory

    2. install iThemes Security and activate.
    3. enable System Tweaks > System Files
    4. access to /wp/wp-admin/includes/admin.php

    expected result:
    HTTP 403 error

    actual result:
    admin.php is executed, and you will see PHP error.

Viewing 1 replies (of 1 total)

  • @ykato20

    System Files protection doesn’t work if WordPress is installed to sub directory.

    Actually it works when WordPress is initially installed in a subdirectory.

    What you are saying is that it doesn’t work when WordPress is initially installed in the root AND then moved to it’s own sub directory as described in Method II of
    https://codex.www.ads-software.com/Giving_WordPress_Its_Own_Directory

    What happens when you temporarily change the line below in .htaccess file:

    RewriteRule ^wp-admin/includes/ - [F]

    to:

    RewriteRule ^(wp/)?wp-admin/includes/ - [F]

    • This reply was modified 7 years, 7 months ago by pronl.
Viewing 1 replies (of 1 total)
  • The topic ‘System Files protection doesn’t consider WP installed path’ is closed to new replies.