• ipexmedia

    (@synergeticcorp)


    I discovered this article about the importance of protecting your files, like install.php:

    http://perishablepress.com/important-security-fix-for-wordpress/

    You can delete install.php, but the problem is that it comes back after each WordPress update, so the recommended solution is to paste this code in your .htaccess to prevent hackers from getting into http://www.domain/wp-admin/install.php:

    # PROTECT install.php
    <Files install.php>
    Order Allow,Deny
    Deny from all
    Satisfy all
    </Files>

    Better WP Security already does this by pasting similar code; however, when Better WP Security is inactive, all the code generated by Better WP Security is taken out of the .htaccess file; hence, your install.php is no longer protected.

    This can happen in incidents similar to the one in the link above, where the server goes down and all your plugins are automatically turned off.

    A recommendation: would you paste all the extra code generated by Better WP Security into the .htaccess and have it TWICE after activating the plugin, so that when Better WP Security is turned off you’re still protected by that same code… or would having similar code within the Better WP Security section of .htaccess cause a conflict?

    If having duplicate scripts is just redundant, that’s fine, but if they interfere, that’s a different story.

    http://wordpress.org/plugins/better-wp-security/
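
One way to check the situation described in the post above, as an added example that is not part of the original post or of the plugin: the script reports whether a deny-all `<Files install.php>` block exists outside the plugin-managed part of `.htaccess`, so it would still be there after the plugin removes its own rules. The `# BEGIN`/`# END` marker strings, the function names and the sample file are assumptions made for illustration.

```python
import re

# Constructed sample .htaccess; the BEGIN/END marker comments are assumptions.
SAMPLE = """\
# BEGIN Better WP Security
<Files install.php>
Deny from all
</Files>
# END Better WP Security

# PROTECT install.php
<Files install.php>
Order Allow,Deny
Deny from all
Satisfy all
</Files>
"""

FILES_OPEN = re.compile(r'<Files\s+"?([^">\s]+)"?\s*>', re.I)
DENY = re.compile(r'^(deny\s+from\s+all|require\s+all\s+denied)$', re.I)

def find_protection(text, target="install.php",
                    begin="# BEGIN Better WP Security",
                    end="# END Better WP Security"):
    """List (line, 'managed'|'manual') for each deny-all <Files target> block."""
    found, managed, block_start, denies = [], False, None, False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line == begin:
            managed = True          # entering the plugin-written section
        elif line == end:
            managed = False         # back in hand-maintained rules
        elif block_start is None:
            m = FILES_OPEN.match(line)
            if m and m.group(1) == target:
                block_start, denies = n, False
        elif line.lower() == "</files>":
            if denies:
                found.append((block_start, "managed" if managed else "manual"))
            block_start = None
        elif DENY.match(line):      # Apache 2.2 or 2.4 deny-all syntax
            denies = True
    return found

def survives_deactivation(text, **kw):
    """True if at least one deny-all block sits outside the plugin section."""
    return any(where == "manual" for _, where in find_protection(text, **kw))
```

Run `survives_deactivation()` on the contents of the site's real `.htaccess`, passing the marker comments actually present in that file as `begin` and `end`.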

Viewing 1 replies (of 1 total)
  • The topic ‘A Discovered Loophole and Recommendation for this Plugin’ is closed to new replies.