WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[resolved] Is this necessary? (3 posts)

  1. Diesel12
    Member
    Posted 2 years ago #

    Prior to BP security, we had the following in our .htacess:

    # Prevents people from surfing for .htaccess
    <Files .htaccess>
    order allow,deny
    deny from all
    </Files>

    But noticed that among other things, BP Security has:

    <FilesMatch "^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)">
    Order allow,deny
    Deny from all
    </FilesMatch>

    Is there still any need for the first file or allow / deny file for .htaccess?

    Thanks

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    FilesMatch is actually the better method to protect multiple files and the reason i have not included .htaccess in that FilesMatch list is because this security rule already protects ALL Protected Server files that begin with a dot. So no there is no need to add the Files .htaccess rule into your root .htaccess file.

    # DENY ACCESS TO PROTECTED SERVER FILES - .htaccess, .htpasswd and all file names starting with dot
    RedirectMatch 403 /\..*$
  3. Diesel12
    Member
    Posted 2 years ago #

    I figured it was in there somewhere already, but missed it .... thank you for the fast response!!! Much appreciated. :)

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.