New to the community? Start here

Defender Pro Information Disclosure issue

When I click on UPDATE. HTACCESS FILE it says “security tweak successfully resolved” but when I refresh the page the warning is still there.

Tue, 20 Aug 2019 11:00:35

Kris Tomczyk

Ex Staff

2,104 pts: Hero points 19,297 pts: Rep. points LEVEL 29

Hi mubeenmulla

Hope you are doing good today.

Your host provider is WPEngine. WPEngine run NGINX over Apache so this tweek will not work via htaccess.

You can ask your host to add below rules to nginx.conf file:

## WP Defender - Prevent information disclosure ### Turn off directory indexing

autoindex off;



# Deny access to htaccess and other hidden files

location ~ /. {

deny  all;

}



# Deny access to wp-config.php file

location = /wp-config.php {

deny all;

}



# Deny access to revealing or potentially dangerous files in the /wp-content/ directory (including sub-folders)

location ~* ^/nas/content/live/ectuae/wp-content/.*.(txt|md|exe|sh|bak|inc|pot|po|mo|log|sql)$ {

deny all;

}

## WP Defender - End ##

[attachments are only viewable by logged-in members]

Kind Regards,

Kris

Sales question?

How do you rate me?

Thank you for rating your experience!