• Resolved barnez

    (@pidengmor)


    Hi,

    I’m trying to harden my WordPress installation and am now at the point where I’m placing htaccess files outside of the root directory to improve security.

    I have placed the following code in my wp-content/uploads and wp-content/includes folders, and all is well:

    <Files *.php>
    deny from all
    </Files>

    The problem is when I place the following as an .htaccess file in the wp-content folder:

    Order deny,allow
    Deny from all
    <Files ~ "\.(xml|css|jpe?g|png|gif|js)$">
    Allow from all
    </Files>

    When I try to view my blog page with snippets and thumbnail images, the thumbnail images don’t show themselves and the alt text is visible.
    You can see the issue here. It seems strange as the images are jpegs, which are being allowed through the htaccess rules in wp-content, but the thumbnail won’t show unless I remove the code.

    Any ideas would be great at this point.

    Cheers,
    Barnez

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter barnez

    (@pidengmor)

    After a real nightmare with error codes being thrown up in the cPanel logs and 520 server connection errors, I have removed these three htaccess files and am back to relying on the main root’s htaccess file and a combination of Wordfence for security scans and NinjaFirewall for firewall and login protection.

    https://wordpress.org/plugins/wordfence/
    http://wordpress.org/plugins/ninjafirewall/

    Hi Barnez,

    You likely need to white list the PHP file that generates the thumbnails. Are you using something like timthumb?

    thanks,

    Thread Starter barnez

    (@pidengmor)

    Hi Daniel,

    Thanks for the input. You’re right, the thumbnails are being generated by timthumb.php

    As the site is now running as normal I will look into white listing the script from the uploads and wp-content htaccess files. I imagine that means adding timthumb.php to the Allow from all exclusions rule: <Files ~ "\.(xml|css|jpe?g|png|gif|js)$">

    Cheers,

    Thread Starter barnez

    (@pidengmor)

    I tried adding this as an .htaccess file in the folder containing the timthumb.php script, but it didn’t help:

    <Files timthumb.php>
        Order Allow,Deny
        Allow from all
    </Files>

    Thread Starter barnez

    (@pidengmor)

    Now resolved 🙂

    The white list code for the directory containing the timthumb.php script should read:

    <Files timthumb.php>
      Satisfy Any
      Allow from all
    </Files>
  • The topic ‘problems with diplaying images after placing htaccess in wp-content folder’ is closed to new replies.
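
The rule sets in this thread use the Apache 2.2 access directives (`Order`, `Deny`, `Allow`, `Satisfy`). As an added example, not part of the original posts, the same three-file layout could be written with Apache 2.4 `Require` directives. It assumes Apache 2.4 with `AllowOverride` permitting `AuthConfig`, and `<timthumb-dir>` is a placeholder for the folder holding the script, which the thread does not name.

```apache
# --- wp-content/uploads/.htaccess ---
# Refuse direct requests for any PHP file under uploads.
<Files "*.php">
    Require all denied
</Files>

# --- wp-content/.htaccess ---
# Default deny for the whole tree, then allow static asset types only.
# The escaped dot makes the pattern match a real file extension.
Require all denied
<FilesMatch "\.(xml|css|jpe?g|png|gif|js)$">
    Require all granted
</FilesMatch>

# --- wp-content/<timthumb-dir>/.htaccess (placeholder path) ---
# Re-open only the thumbnail script. Other PHP files in this folder
# still inherit "Require all denied" from wp-content/.htaccess.
<Files "timthumb.php">
    Require all granted
</Files>
```

Keep each file in one style: Apache 2.4 only honors the older `Order`/`Deny`/`Allow` lines through mod_access_compat, and mixing them with `Require` in the same scope is discouraged by the Apache documentation.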