• Resolved mon33x

    (@mon33x)


    What does this mean?

    Publicly accessible config, backup, or log file found: .user.ini
    URL: [removed by moderator]
    Severity: Critical
    Status New
    [removed by moderator] is publicly accessible and may expose source code or sensitive information about your site. Files such as this one are commonly checked for by scanners and should be made inaccessible. Alternately, some can be removed if you are certain your site does not need them. Sites using the nginx web server may need manual configuration changes to protect such files.


Viewing 5 replies - 1 through 5 (of 5 total)
  • It means anyone can access critical files on your server, files that should be inaccessible. You need to secure your installation correctly. There are a thousand ways to do that; the basics involve server configuration that you have to learn to do yourself, or perhaps get your ISP to do for you. Google terms such as “harden WordPress” and “WordPress security htaccess”.

    MTN

    Hi @mon33x,

    This alert is related to an improvement we implemented in the latest version (6.3.20).

    Please see this topic which addresses the same question.

    Thread Starter mon33x

    (@mon33x)

    So I should add

    <Files ".user.ini">
    <IfModule mod_authz_core.c>
            Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
            Order deny,allow
            Deny from all
    </IfModule>
    </Files>

    to my htaccess?

    Easy to test. First see if you can access those folders/files as public. First fix folder permissions if necessary. If that’s not the problem, fool around with .htaccess and test again. Take lots of time that you could otherwise spend actually creating content, fun! If you want to learn .htaccess, check out perishablepress.com, as well as learning the basics of regular expressions. It also helps to have a good ISP that’ll step in. Oh, and you can try cPanel options that modify your .htaccess, then look at the results as a learning process. I’ve gotten OK at working on my .htaccess but am not enough of an expert to make specific suggestions. In the end, I wish I’d never heard of .htaccess or WordPress and stuck with the flat HTML type site I started with as a blogger, but that’s the breaks… MTN

    Thread Starter mon33x

    (@mon33x)

    I added it and the warning disappeared 🙂
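To confirm the rule took effect independently of the scanner, request the file anonymously from your own site and look at the HTTP status, which is the "see if you can access those files as public" test suggested in the thread. This is an added example, not part of the original thread; the function names are hypothetical and the site URL is whatever you pass in.

```shell
#!/usr/bin/env bash
# Added example: check that .user.ini is no longer served by your own site.
# classify_status and check_user_ini are hypothetical helper names.

# Map an HTTP status code to a verdict for a file that must not be public.
classify_status() {
  case "$1" in
    200|206)             echo "EXPOSED" ;;      # content was served to an anonymous client
    401|403|404|410)     echo "BLOCKED" ;;      # denied or hidden, which is the goal
    301|302|303|307|308) echo "REDIRECT" ;;     # re-test against the redirect target
    000|"")              echo "UNREACHABLE" ;;  # curl could not connect or timed out
    *)                   echo "UNKNOWN" ;;      # e.g. 5xx: inspect the server logs
  esac
}

# Request <base-url>/.user.ini without following redirects and report the verdict.
# Returns 0 only when the file is blocked.
check_user_ini() {
  local base="${1%/}" code verdict
  code=$(curl -s -o /dev/null -m 10 -w '%{http_code}' "$base/.user.ini") || code=000
  verdict=$(classify_status "$code")
  printf '%s/.user.ini -> HTTP %s (%s)\n' "$base" "$code" "$verdict"
  [ "$verdict" = "BLOCKED" ]
}

# Runs only when a site URL is given, e.g.: ./check.sh https://your-site.example
if [ -n "${1:-}" ]; then
  check_user_ini "$1"
fi
```

With the `<Files ".user.ini">` block from the thread in place, Apache should answer 403 and the script exits 0; a 200 means the rule is not being applied to that path.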


The topic ‘Wordfence issue’ is closed to new replies.