• Resolved newclaremont

    (@newclaremont)


    I have Wordfence installed as well as the amazing NinjaFirewall and Scanner. (I wanted to block a password guessing attack.) WF reports that the user.ini file is public and that this is a critical matter.

    1. I can’t see that it is problematic? Pasted the content below.

    2. Did installing Wordfence take over firewall duties from NinjaFirewall?

    ; BEGIN NinjaFirewall
    auto_prepend_file = /home/content/n3pnexwpnas01_data03/48/3097648/html/wp-content/nfwlog/ninjafirewall.php
    ; END NinjaFirewall

    ; Wordfence WAF
    ;;auto_prepend_file = '/home/content/n3pnexwpnas01_data03/48/3097648/html/wordfence-waf.php'
    ; END Wordfence WAF

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author nintechnet

    (@nintechnet)

    It looks like your PHP INI is world readable and you will need to block access to it. You can follow this article: https://blog.nintechnet.com/protecting-ninjafirewalls-php-ini-file/

    Thread Starter newclaremont

    (@newclaremont)

    Many thanks for the speedy reply. I edited the htaccess file in two ways – just adding the code used in the blog underneath what was already there, and then deleting what was there and adding the new code. Both resulted in a server error, so I’m obviously doing something wrong. Does it actually matter that the user.ini is public? All it says to my untrained eye is that the site has Ninja and WF…

    I’ll drop you a message about something else via your site.
    Kind regards

    Plugin Author nintechnet

    (@nintechnet)

    It’s not a security risk, i.e., you won’t get hacked because of that, but because it is leaking some configuration info, it is better to protect it.

The topic ‘public user.ini’ is closed to new replies.
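
Added example, not part of the thread and not NinjaFirewall or Wordfence code: a small audit of a .user.ini like the one pasted above, reporting which auto_prepend_file line is in effect (the Wordfence line there is commented out with ";") and which absolute paths a public copy of the file would disclose. The sample content is constructed with placeholder paths, and the function names and the last-assignment-wins rule are assumptions of this sketch.

```python
import re

# Constructed sample shaped like the pasted .user.ini (placeholder paths).
SAMPLE_USER_INI = """\
; BEGIN NinjaFirewall
auto_prepend_file = /home/content/example/html/wp-content/nfwlog/ninjafirewall.php
; END NinjaFirewall

; Wordfence WAF
;;auto_prepend_file = '/home/content/example/html/wordfence-waf.php'
; END Wordfence WAF
"""

DIRECTIVE = re.compile(r"^\s*([A-Za-z_][\w.]*)\s*=\s*(.*?)\s*$")


def parse_user_ini(text):
    """Return (active, commented).

    active    -- dict of directive -> value for lines that are in effect
                 (assumption: a later assignment replaces an earlier one)
    commented -- list of (directive, value) from lines disabled with ';'
    """
    active, commented = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        disabled = line.startswith(";")
        match = DIRECTIVE.match(line.lstrip(";"))
        if not match:
            continue  # blank line or a plain comment such as "; BEGIN ..."
        key, value = match.group(1), match.group(2).strip("'\"")
        if disabled:
            commented.append((key, value))
        else:
            active[key] = value
    return active, commented


def audit(text):
    """Summarise the effective prepend file and every path the file reveals."""
    active, commented = parse_user_ini(text)
    values = list(active.values()) + [v for _, v in commented]
    return {
        "active_prepend": active.get("auto_prepend_file"),
        "disabled_prepend": [v for k, v in commented if k == "auto_prepend_file"],
        "exposed_paths": [v for v in values if v.startswith("/")],
    }


if __name__ == "__main__":
    for field, result in audit(SAMPLE_USER_INI).items():
        print(field, "=", result)
```

Commented-out lines are included in the exposed paths because a public copy of the file shows them to a reader just the same.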