user ini file publicly accessible

  • Resolved marywt

    (@marywt)


    1 year, 9 months ago

    I am responsible for several community websites which all have WordFence but the newest one, set up in July 2022 has suddenly started displaying the above error.
    The first time I followed the instruction to ‘hide’ and the subsequent scan showed that it had been hidden, but three days later the error showed up again.
    The only thing which I did differently with the website was add a new user before the first message showed up, I have not added anyone else since then.
    None of the other sites on the same hosting platform are showing this error. I don’t have a plugin on this site which isn’t on the others.
    I have sent the email with the diagnostics to [email protected] I look forward to a response, thanks, Mary

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @marywt, thanks for sending your diagnostic over.

    The scan issues section of your diagnostic doesn’t appear to be showing the notice about a publicly visible .user.ini, which I would expect to see in this scenario. Are you also seeing it reported on the Wordfence dashboard or elsewhere?

    If you check your .htaccess file when the error is showing, are you missing the following code?:

    # Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
</Files>
# END Wordfence WAF

    If so, manually add that in and see if it suppresses the error. If it does, but you see the error again in a few days time, has this code once again been removed from the file?

    Thanks,
    Peter.

    Thread Starter marywt

    (@marywt)

    Thanks Peter,

    For some reason this reply went into Junk and so I didn’t know I had it as I am not notified from that folder.

    As I thought I hadn’t heard from you I followed the instruction to ‘hide’ again and it hasn’t shown up since.
    Thanks, Mary

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘user ini file publicly accessible’ is closed to new replies.