Hello @sflwa ,
The feature “Lock and Protect System Folders” works through .htaccess rules. For example, in the .htaccess file added within the /wp-content folder. If you need to enable access to a particular file or folder, you can either tweak or comment out the rules in that particular .htaccess file.
Alternatively, you can also apply these exclusion filters:
https://eu.siteground.com/tutorials/wordpress/security-optimizer/custom-filters/#Whitelist_a_specific_script_from_Lock_and_Protect_System_Folders
Regards,
Plamen.M
Tech Support Team
SiteGround.com
-
This reply was modified 1 year, 10 months ago by
Plamen M.
I’m having the same issue – could you give an example? My site only has the one htaccess file in the root
Thread Starter
sflwa
(@sflwa)
@plamenm Thank you for your reply. Yes I’m very well aware of what you stated. Per my OP/Title – I’m getting stuck on the correct syntax for htaccess file to exclude the specific plugin folder so that it is accessible and was looking for an example syntax I can add / adjust
@sflwa I’ve just added an htaccess file to my plugins folder containing this:
<FilesMatch "charitable/assets/css/campaign-builder/themes/admin/\.php$">
Require all granted
</FilesMatch>
Does that help with the syntax? I’m hoping that I haven’t opened a gaping hole somewhere!
As an alternative, you can also use the exclusion filters described here:
https://eu.siteground.com/tutorials/wordpress/security-optimizer/custom-filters/#Whitelist_a_specific_script_from_Lock_and_Protect_System_Folders
I also updated my first reply with this, to make it easier for others who come across this thread here.
Regards,
Plamen.M
Tech Support Team
SiteGround.com
Thread Starter
sflwa
(@sflwa)
@plamenm
While I still appreciate the reply – I attempted that as well without success – again I’m trying to allow the entire plugin not just one file – it needs the entire plugin folder.
As i’ve said I’m really looking for the specific Syntax to add to the htaccess file to whitelist the entire folder
Thank you for the update. You can try with the following .htaccess rule. This configuration will allow access to PHP files within the excluded-folder while denying access to PHP files in all other directories.
# Exclude the folder named 'excluded-folder' from the restrictive rule
<Directory "/path/to/your/excluded-folder">
<IfModule !mod_authz_core.c>
Order allow,deny
Allow from all
</IfModule>
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
</Directory>
# SGS Directory Hardening
<FilesMatch "\.(?i:php)$">
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
</FilesMatch>
Replace /path/to/your/excluded-folder with the actual path to the folder you want to exclude from the restrictive rule.
If the folder is within the same directory as your .htaccess file, you can use a relative path instead.
Regards,
Plamen.M
Tech Support Team
SiteGround.com
Thread Starter
sflwa
(@sflwa)
@plamenm
Actually Directory doesn’t work inside htaccess but I did get it working as I created an htaccess in the plugin folder and did the inverse of the default SG Hardening and this fixed it
Thank you for pointing me in the right direction
<FilesMatch "\.(?i:php)$">
<IfModule !mod_authz_core.c>
Order allow,deny
Allow from all
</IfModule>
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
</FilesMatch>
You are most welcome. I am glad that you found a working solution and also thank you for sharing.
Regards,
Plamen.M
Tech Support Team
SiteGround.com
