[Defender Pro] Prevent Information Disclosure hosted on WPMU

Good morning,
I hope you are all doing fine.
I’m creating this ticket because there’s something weird happening on itenzo.be regarding Defender Pro.
Suddenly, Defender Pro reminds me to the fact that I have one security issue open:

Overview
Often servers are incorrectly configured, and can allow an attacker to get access to sensitive files like your config, .htaccess and backup files. Hackers can grab these files and use them to gain access to your website or database.

Status
You don’t have information disclosure protection active.

Currently, some of your config files aren’t protected. It’s best to lock this down these files to ensure they can’t be accessed by hackers and bots.

This is weird because the site is hosted at WPMU Dev and although I know it is NGINX, I cannot access the servers itself.

kind regards,

Michael

  • Adam
    • Support Gorilla

    Hi Michael

    I hope you’re well today and thank you for your question!

    A good news is that you still don’t have anything to worry about :slight_smile: Those rules are still there, applied automatically to all the sites on our hosting and working. However, recently – answering popular request from Members – we’ve made a small change “hosting-wide”, making an exception for .txt files.

    While “Prevent Information Disclosure” rules are still in place, now .txt files can be directly accessed if they are in /wp-content folder. Defender by default blocks these files too and since it detects they are not blocked here, it issues the warning.

    Our Defender team has been made aware of it so with future releases Defender should be able to “silence” that warning if it’s running on our hosting.

    Best regards,
    Adam