Whitelist a file for php access

  • Resolved willb

    (@asecondwill)


    8 years, 9 months ago

    in the plugins settings – Block PHP Files in WP-CONTENT Directory

    I’m trying to whitelist wp-content/themes/book-store/stylesheet/style-custom.php however the dir-seperators (/) are being removed. is there an escape char? or some other way of doing this? if not will have to just deactivate that hardening. which isn’t ideal.

Viewing 1 replies (of 1 total)
  • yorman

    (@yorman)

    8 years, 9 months ago

    The hardening is applied using the access control file by the Apache web server. This file acts against the directory where it is located and the entire sub-tree, it makes no sense to specify the full file path in this file because that is not how the access control in Apache works.

    If you want to specify the entire directory path, you will have to create a different .htaccess file in the same directory where the file that you want to whitelist is located, in this case here [1] and then specify “style-custom.php” alone.

    The hardening applied by the Sucuri plugin places a .htaccess file here [2] and because the defined rules cover the entire sub-tree you don’t need to specify the parent nor sub-directories to whitelist that file.

    [1] /wp-content/themes/book-store/stylesheet/.htaccess
    [2] /wp-content/.htaccess

Viewing 1 replies (of 1 total)

The topic ‘Whitelist a file for php access’ is closed to new replies.