Error in .htaccess

  • Resolved milsel

    (@milsel)


    3 years, 11 months ago

    The line “Options -ExecCGI” in .htaccess in ./wp-content/uploads/ blocks the display of images on the www and in the WordPress administration.
    Is this line necessary? I had to disable it.

    .htaccess

    # BEGIN WP CERBER CLAMPS
<Files *>
SetHandler none
SetHandler default-handler
#Options -ExecCGI
RemoveHandler .cgi .php .php3 .php4 .php5 .php7 .phtml .pl .py .pyc .pyo
</Files>
<IfModule mod_php7.c>
php_flag engine off
</IfModule>
<IfModule mod_php5.c>
php_flag engine off
</IfModule>
# END WP CERBER CLAMPS
Viewing 1 replies (of 1 total)
  • Plugin Author gioni

    (@gioni)

    3 years, 11 months ago

    There is no error. In short, “Options -ExecCGI” is one of the security measure that reduces attack surface. When enabled with “Options +ExecCGI”, it allows executing CGI scripts located in any folder of the website. Normally, WordPress does not utilize CGI scripts and so does not require enabling them with “Options +ExecCGI” and a properly configured web server uses a special write-protected folder for CGI scripts.

    WP Cerber puts this directive in the upload/content folder where WordPress stores all files uploaded by users. Your website configuration, which requires enabling this option, means if an attacker will find a breach and upload a malicious script to the upload folder and easily execute it. I do not see any reasonable excuse for using such an unsafe website configuration.

Viewing 1 replies (of 1 total)

The topic ‘Error in .htaccess’ is closed to new replies.

Tags