[resolved] problems with displaying images after placing htaccess in wp-content folder (6 posts)

  1. Barnez
    Member
    Posted 3 months ago #

    Hi,

    I'm trying to harden my WordPress installation and am now at the point where I'm placing htaccess files outside of the root directory to improve security.

    I have placed the following code in my wp-content/uploads and wp-content/includes folders, and all is well:

    <Files *.php>
    deny from all
    </Files>

    The problem is when I place the following as an .htaccess file in the wp-content folder:

    Order deny,allow
    Deny from all
    <Files ~ ".(xml|css|jpe?g|png|gif|js)$">
    Allow from all
    </Files>

    When I try to view my blog page with snippets and thumbnail images, the thumbnail images don't show themselves and the alt text is visible.
    You can see the issue here. It seems strange as the images are jpegs, which are being allowed through the htaccess rules in wp-content, but the thumbnail won't show unless I remove the code.

    Any ideas would be great at this point.

    Cheers,
    Barnez

  2. Barnez
    Member
    Posted 3 months ago #

    After a real nightmare with error codes being thrown up in the cPanel logs and 520 server connection errors, I have removed these three htaccess files and am back to relying on the main root's htaccess file and a combination of Wordfence for security scans and NinjaFirewall for firewall and login protection.

    https://wordpress.org/plugins/wordfence/
    http://wordpress.org/plugins/ninjafirewall/

  3. Daniel Cid
    Member
    Posted 3 months ago #

    Hi Barnez,

    You likely need to white list the PHP file that generates the thumbnails. Are you using something like timthumb?

    thanks,

  4. Barnez
    Member
    Posted 3 months ago #

    Hi Daniel,

    Thanks for the input. You're right, the thumbnails are being generated by timthumb.php

    As the site is now running as normal I will look into white listing the script from the uploads and wp-content htaccess files. I imagine that means adding timthumb.php to the Allow from all exclusions rule: <Files ~ ".(xml|css|jpe?g|png|gif|js)$">

    Cheers,

  5. Barnez
    Member
    Posted 3 months ago #

    I tried adding this as an .htaccess file in the folder containing the timthumb.php script, but it didn't help:

    <Files timthumb.php>
        Order Allow,Deny
        Allow from all
    </Files>

  6. Barnez
    Member
    Posted 3 months ago #

    Now resolved :)

    The white list code for the directory containing the timthumb.php script should read:

    <Files timthumb.php>
        Satisfy Any
        Allow from all
    </Files>
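
Added example (not part of the thread and not any poster's code): a small Python model of the wp-content rule from the first post, showing why a thumbnail served through timthumb.php is denied even though its `src` is a JPEG, since `<Files>` is tested against the name of the file being served and not the query string. The request paths, the `example` theme directory and `ESCAPED_PATTERN` are assumptions made for the illustration.

```python
import re
from posixpath import basename
from urllib.parse import urlsplit

# Pattern copied verbatim from the wp-content/.htaccess in the first post.
ALLOW_PATTERN = re.compile(r".(xml|css|jpe?g|png|gif|js)$")

# Assumption, not from the thread: the same list with the dot escaped,
# so that only real file extensions match.
ESCAPED_PATTERN = re.compile(r"\.(xml|css|jpe?g|png|gif|js)$")


def wp_content_decision(url, pattern=ALLOW_PATTERN):
    """Model 'Order deny,allow / Deny from all' plus
    '<Files ~ pattern> Allow from all' for one request URL.

    Only the served file's name is matched; the query string is ignored.
    """
    filename = basename(urlsplit(url).path)
    return "allow" if pattern.search(filename) else "deny"


# Constructed request URLs (paths and theme name are assumptions).
SAMPLE_REQUESTS = [
    "/wp-content/uploads/photo.jpg",
    "/wp-content/themes/example/style.css",
    "/wp-content/themes/example/timthumb.php?src=/wp-content/uploads/photo.jpg&w=150",
    "/wp-content/themes/example/functions.php",
    "/wp-content/uploads/notes_png",  # no real extension
]


def audit(requests=SAMPLE_REQUESTS, pattern=ALLOW_PATTERN):
    """Return {url: 'allow' | 'deny'} for every sample request."""
    return {url: wp_content_decision(url, pattern) for url in requests}


if __name__ == "__main__":
    for url, decision in audit().items():
        print(f"{decision:5}  {url}")
```

The thumbnail request is decided on the name `timthumb.php`, which is why the script itself needs its own allow rule. The unescaped dot in the posted pattern also lets a name such as `notes_png` through, which the escaped variant rejects.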
