Hiding .user.ini file

  • Resolved WPSani

    (@sani060913)


    6 years, 7 months ago

    Hello everyone,
    user.ini file in my website root folder appears to be not hidden.
    I’ve read a lot of topics about this issue, so I’ve tried with these two methods:

    1. Editing .htaccess, adding 
      <Files “.user.ini”>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>

      but I don’t have .htaccess file and creating a new one doesn’t solve anything

    2. Edit nginx.conf file adding: 
      location ~ \.user\.ini$ {
              deny all;
}

      to the server block and restarting nginx, but it’s not working.

      I am using https protocol, I don’t know if it matters and I have to edit another file…

      Sources:
      https://ww.wp.xz.cn/support/topic/security-issue-user-ini-file/
      https://ww.wp.xz.cn/support/topic/mydomain-com-user-ini/

    • This topic was modified 6 years, 7 months ago by WPSani.
Viewing 4 replies - 1 through 4 (of 4 total)
  • wfdave

    (@wfdave)

    6 years, 7 months ago

    Hi @sani060913,

    Since you’re using SSL, you need to edit or create the file nginx.ssl.conf (which is in the same directory as nginx.conf.

    If you use that file instead, does it block access to .user.ini?

    Dave

    Thread Starter WPSani

    (@sani060913)

    6 years, 7 months ago

    Thanks a lot @wfdave,
    sorry for the stupid question but how can I upload it in nginx folder? I am using SFTP to connect but when I try to upload the file I am having a permission error…

    WFSupport

    (@wfsupport)

    6 years, 7 months ago

    There are never any stupid questions. Trust me. It just means it’s something you haven’t learned yet. 🙂

    Still, this is probably a question your hosting provider is best suited to answer since they would know more about the specifics of your environment. Reach out to them and I am sure they can have it sorted quickly for you.

    Tim

    WFGerroald

    (@wfgerald)

    6 years, 6 months ago

    Hi @sani060913,

    We haven’t heard back from you in a while, so I’ve gone ahead and marked this thread as resolved.

    Please feel free to open another thread if you have any other questions.

    Thanks,

    Gerroald

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Hiding .user.ini file’ is closed to new replies.