New to the community? Start here

[Defender Pro] Prevent Information Disclosure

With the last update on Defender, now appears a new SECURITY TWEAKS: Prevent Information Disclosure
The recommendation is:
Copy the generated code into your site specific .conf file usually located in a subdirectory under /etc/nginx/… or /usr/local/nginx/conf/…
But I don’t have acces to these directories, so how could I resolve the issue?
Thanks.

Tue, 28 Jan 2020 10:26:48
More Defender Pro discussions
Defender Pro
  • Adam
    • Support Gorilla

    Hi Angel

    I hope you’re well today and thank you for your question!

    Since you’re hosting with us you can safely ignore that warning from Defender. The “Prevent Information Disclosure” rules are already applied and working on all WPMU DEV hosted sites.

    The issue happens because just recently (I think yesterday) we made a small change in our hosting configuration, excluding “txt” files from the “Prevent Information Disclosure” rules.

    It’s been done due to multiple requests from Members to allow direct access to those files in /wp-content folder. However, Defender by default expects them to be also protected and since it sees they are not, it reports that.

    Our Defender developers were already made aware of this and in future Defender should take that change into account and stop issuing warnings if site’s hosted with us.

    As long as it’s on WPMU DEV hosting, please ignore this recommendation as those rules are already in use on a server-level.

    I apologize for confusion!

    Kind regards,
    Adam