.user.ini error message

  • I am getting this warning message
    Publicly accessible config, backup, or log file found: .user.ini
    Type: Publicly Accessible Config/Backup/Log

    I have reviewed my .htaccess file and the appropriate Wordfence deny commands are in the file.

    I am not sure what else I to do to resolve this issue?

    Based on previous messages in this forum, I will send you a diagnostic report

    Thank you
    Elliot

    PS – I tried to send the diagnostic report but I get an error message when I try to send it. The Error – There was an error while sending the email. I’m trying to fix that. EJ

    • This topic was modified 2 years, 3 months ago by ej53.
Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Support wfphil

    (@wfphil)

    Hi @ej53

    If you have at least Wordfence version 7.4.9 installed then you can export a report instead. There will be an EXPORT button at the top of the page to export a diagnostics report text file.

    Attach the text file in an email and send to wftest [at] wordfence [dot] com. Add your username ej53 to the email subject field so that I can find it.

    Once you have sent the email can you reply here to let me know that it has been sent.

    Thread Starter ej53

    (@ej53)

    wfphil –

    Sorry for the delay, I’ve been dealing with some other issues.

    I think I was able to get my email working and I sent a report several days ago.

    Today, I went back to diagnostics and sent another report by email.

    I also clicked on export and it seemed to run but I’m not sure where it exported the file. If you do not receive an email from my diagnostics report, if you will point me in the right direction for the exported file, I will send that to you.

    Thank you
    Elliot

    Plugin Support wfphil

    (@wfphil)

    Hi @ej53

    Thank you for the update.

    Are you using AWS Lightsail for your hosting platform?

    Thread Starter ej53

    (@ej53)

    wfphil:

    Yes, I am.

    I also found the text file diagnostic report and will email it to you.

    Elliot

    Plugin Support wfphil

    (@wfphil)

    Hi @ej53

    Thank you for the update.

    You will need to add the code below to these two server configuration files:

    /opt/bitnami/apache/conf/vhosts/wordpress-https-vhost.conf
    /opt/bitnami/apache/conf/vhosts/wordpress-vhost.conf

    <Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
    Thread Starter ej53

    (@ej53)

    wfphil –

    Thank you. Is there a particular place in the file it needs to go or can it go at the end after </VirtualHost>

    Elliot

    Plugin Support wfphil

    (@wfphil)

    Hi @ej53

    Thank you for the update.

    It should work anywhere in the <VirtualHost> tags.

    Thread Starter ej53

    (@ej53)

    wfphil –

    I added it to the 2 vhost.conf files and then I ran a new scan.

    I am still getting a Critical Issue

    It is still saying that my .user.ini file is publicly accessible….

    I checked the permissions of the .user.ini file and it is now set as 644

    -rw-r–r– 1 daemon daemon 99 Mar 27 06:02 .user.ini

    Is that the correct setting, and if so, why am I still getting a scanning error?

    or is there another .user.ini somewhere in my directories?

    Thank you

    Elliot

    PS – I have also sent a new diagnostic report to you

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘.user.ini error message’ is closed to new replies.

Tags