Conflict with Security Plugins, with a Fix
Hi Lester,
We’ve been using your plugins for years. Keep up the great work.
One thing to know… if you use this plugin with certain security plugins, like Sucuri, they place an `.htaccess` file in the `/wp-content/` directory that blocks `.php` files from being run in plugin directories. That breaks your image verification, and possibly other things. There is a real easy fix. Just add an `.htaccess` file to your plugin directory with some variation of the following code to proactively allow access to your files:

```apache
# WP-Email - "/wp-email/" .htaccess
# Version 2.66

# Control direct access to certain files.
# Apache 2.2 and 2.4 compatible

# Apache 2.2
<IfModule !mod_authz_core.c>
    Order Allow,Deny
    Allow from all
</IfModule>

# Apache 2.4
<IfModule mod_authz_core.c>
    Require all granted
</IfModule>

# Using Files instead of FilesMatch for compatibility with certain branches of Apache

# Text and Language Files - Deny
<Files ~ "^(.+)\.(txt|mo|pot)$">
    <IfModule !mod_authz_core.c>
        Deny from all
    </IfModule>
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
</Files>

# PHP Files - Allow
# Ensure that .htaccess files other plugins place in "/wp-content/" cannot prevent access
<Files ~ "^(.+)\.php$">
    <IfModule !mod_authz_core.c>
        Allow from all
    </IfModule>
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
</Files>
```

This is a slightly modified version of what we use to do this with WP-SpamShield.
I hope that helps, and that you’ll consider adding something like this to a future version to prevent any conflicts.
– Scott
PS. The reason for denying .txt files is so that hackers can’t use bots to scan readme.txt files for version numbers when they are looking for vulnerabilities.
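Added example (not part of the post and not code from either plugin): a simplified Python model of how Apache 2.4 resolves the `<Files>` rules above for a given file name, useful for checking which files in the plugin directory end up reachable. It assumes the default `AuthMerging Off` behaviour and a case-sensitive filesystem, and the file names are constructed.

```python
import re

# The rules from the .htaccess in the post, reduced to the Apache 2.4
# (mod_authz_core) branch; the <IfModule !mod_authz_core.c> bodies are skipped.
HTACCESS_24 = r'''
Require all granted
<Files ~ "^(.+)\.(txt|mo|pot)$">
Require all denied
</Files>
<Files ~ "^(.+)\.php$">
Require all granted
</Files>
'''

def parse(text):
    """Return (directory_default, [(compiled_regex, verdict), ...])."""
    default, rules, current = None, [], None
    for line in (l.strip() for l in text.splitlines()):
        m = re.match(r'<Files\s+~\s+"(.+)">$', line)
        if m:
            current = re.compile(m.group(1))
        elif line == "</Files>":
            current = None
        elif line.startswith("Require all "):
            verdict = line.split()[-1]      # "granted" or "denied"
            if current is None:
                default = verdict           # directory-level rule
            else:
                rules.append((current, verdict))
    return default, rules

def decide(filename, text=HTACCESS_24):
    """Assumed model: <Files> sections apply in file order and, with the
    default AuthMerging Off, a later matching section replaces the verdict."""
    verdict, rules = parse(text)
    for regex, v in rules:
        if regex.search(filename):          # <Files> sees the base name only
            verdict = v
    return verdict

if __name__ == "__main__":
    # Constructed names, not a listing of the real plugin directory.
    for name in ["readme.txt", "wp-email.pot", "example.php",
                 "example.php.txt", "README.TXT", "image.png"]:
        print(f"{name:18} {decide(name)}")
```

The output shows two things to weigh before shipping such a file: every `.php` file in the directory becomes directly requestable again, and the text-file deny pattern does not match upper-case extensions in this model.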