Compatibility with secure .htaccess recommendations

  • Resolved brand-dedication

    (@brand-dedication)


    8 years, 10 months ago

    Hi Frank,

    If we are using a plugin like the Sucuri Scanner – https://wordpress.org/plugins/sucuri-scanner/ which recommends disallowing php execution in various wp directories Adminer won’t run.

    An example of the code via .htaccess that won’t allow Adminer to run via .htaccess rules is…

    <Files *.php>
deny from all
</Files>

    So I placed the opposite rule in the Adminer plugin so it will run. Like so… 

    <Files *.php>
allow from all
</Files>

    I’m not sure, because I didn’t thoroughly test, where this file would precisely be needed for Adminer to run. I just placed it top level, which suffices but may not be the best place needed.

    Maybe you can look into it?
    Just wanted to update you.

    The disallowing of php execution by default or globally is recommended by Sucuri and others.

    https://wordpress.org/plugins/adminer/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Frank Bueltge

    (@bueltge)

    8 years, 10 months ago

    The project have a htaccess now inside, maybe this helps. Thanks your feedback!

    Thread Starter brand-dedication

    (@brand-dedication)

    8 years, 10 months ago

    No problem, you’re welcome!

    And thanks!

    AITpro

    (@aitpro)

    8 years, 10 months ago

    The disallowing of php execution by default or globally is recommended by Sucuri and others.

    Yes, that is a good thing, but anytime you create something that can block good/legitimate things accidently you also should create whitelisting capability to whitelist good/legitimate things that are being blocked by accident.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Compatibility with secure .htaccess recommendations’ is closed to new replies.