• Resolved ddach69

    (@ddach69)


    After installing WF 7, I was prompted to optimize the firewall. My hosting is SiteGround, so I followed the directions found here for SiteGround: https://www.wordfence.com/help/firewall/optimizing-the-firewall/

    Overnight, when Gravityscan checked out my site, it discovered that the php.ini file was publicly visible! Is this the best way to hide it? I hid the php.ini file by adding the following to my .htaccess:

    <Files php.ini>
    Order allow,deny
    Deny from all
    </Files>

    Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Hi @ddach69,

    You can see here how to hide a specific file via .htaccess.

    Note that Wordfence has a scan option to detect publicly accessible configuration, backup, or log files.

    Thread Starter ddach69

    (@ddach69)

    Okay, I removed my new entry in the .htaccess, and ran a scan. WF did not flag the php.ini file. So, I ended up adding the following to block access to the file as well as other sensitive files:

    # Restrict access to sensitive config files
    <filesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
    Order Allow,Deny
    Deny from all
    </filesMatch>

    Thanks.
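
Added example, not part of the original thread: a small audit that applies the FilesMatch pattern from the reply above to the file names in a document root and lists which sensitive-looking files the rule blocks and which it would still leave served. The `SENSITIVE` pattern and the sample file names are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Pattern copied from the FilesMatch directive in the thread. Apache tests it
# against the file's base name without implicit anchoring, so re.search on the
# basename mirrors that behaviour.
RULE = re.compile(r"\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$")

# Assumption (not from the thread): name endings an owner would not want served.
SENSITIVE = re.compile(r"(\.ini|\.log|_log|\.sql|\.bak|\.old|\.swp|~)$")


def is_blocked(name):
    """True if the thread's FilesMatch rule would deny this file."""
    return RULE.search(os.path.basename(name)) is not None


def audit(docroot):
    """Return (blocked, still_served) lists of relative paths under docroot."""
    blocked, served = [], []
    for dirpath, _dirs, files in os.walk(docroot):
        for fname in files:
            hit = is_blocked(fname)
            if not hit and not SENSITIVE.search(fname):
                continue  # ordinary file, not of interest to this audit
            rel = os.path.relpath(os.path.join(dirpath, fname), docroot)
            (blocked if hit else served).append(rel)
    return sorted(blocked), sorted(served)


def demo():
    """Run the audit over a constructed sample tree."""
    names = ["php.ini", ".user.ini", ".htaccess", "debug.log",
             "error_log", "php.ini.bak", "wp-config.php.old", "index.php"]
    with tempfile.TemporaryDirectory() as root:
        for n in names:
            open(os.path.join(root, n), "w").close()
        return audit(root)


if __name__ == "__main__":
    blocked, served = demo()
    print("denied by rule:  ", blocked)
    print("not covered:     ", served)
```

Files in the second list are only those this one rule does not match; other server configuration may still deny them, so confirm with an HTTP request against the live site.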


The topic ‘Manual Firewall Optimization (auto_prepend_file, php.ini)’ is closed to new replies.