iThemes Security (formerly Better WP Security)
[resolved] Fix for several breaks (2 posts)

  1. Xéfir
    Posted 3 years ago #


    In the .htaccess file, you forbid the use of the word "log" (and others)... Very bad idea.

    Why? Because some plugins and permalinks use this! Examples:

    Jetpack for WordPress has an option to use custom CSS, and the URL looks something like this: http://site.com/?custom-css=1&csblog=1&cscache=6&csrev=60

    "cssblog" contains the word "log" and this URL will be forbidden.

    Another example: Theme My Login is an add-on that customizes the default WordPress profile, and the URL changes a little if you enable permalinks: http://site.com/login/?action=profile

    Here, the word "login" contains "log" and will also be blocked.

    But, in any case, this is not a great feature.
    Instead of forbidding the word "log", why don't you block the word ".log", because it's generally the search term?
    You can do it for all the other words.

    Replace this:
    RewriteCond %{QUERY_STRING} ^.*(bash|git|hg|log|svn|swp|cvs) [NC,OR]
    with:
    RewriteCond %{QUERY_STRING} ^.*\.(bash|git|hg|log|svn|swp|cvs) [NC,OR]
    on line 582 and line 608 of inc/admin/common.php in the latest version of Better WP Security.
    Save the settings in Security > System Tweaks and the new content will be written to the .htaccess file.

    Hope it might help.
    Xéfir Destiny


  2. Excellent point. I've already committed it to the dev version in trunk.

    Thank you!
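
The two RewriteCond patterns from the first post, checked against sample query strings. This is an added example, not part of the thread or the plugin's code. It assumes Python's `re` with `IGNORECASE` as a stand-in for mod_rewrite's regex matching with `[NC]`; every URL except the Jetpack one quoted in the post is constructed.

```python
import re
from urllib.parse import urlsplit

# Patterns copied from the thread; [NC] is modelled with re.IGNORECASE.
ORIGINAL = re.compile(r"^.*(bash|git|hg|log|svn|swp|cvs)", re.IGNORECASE)
REVISED = re.compile(r"^.*\.(bash|git|hg|log|svn|swp|cvs)", re.IGNORECASE)

# (URL, True if the request is one the rule is meant to catch).
# The first URL is the Jetpack one quoted in the post; the rest are constructed.
SAMPLES = [
    ("http://site.com/?custom-css=1&csblog=1&cscache=6&csrev=60", False),
    ("http://site.com/?s=changelog", False),
    ("http://site.com/?file=debug.log", True),
    ("http://site.com/?path=.git/config", True),
    ("http://site.com/?ref=project.github.io", False),
]


def blocked(pattern, url):
    """Return True if the rule would fire; it sees only %{QUERY_STRING}."""
    query = urlsplit(url).query
    return pattern.search(query) is not None


def false_positives(pattern):
    """Legitimate URLs that still trip the pattern."""
    return [u for u, wanted in SAMPLES if not wanted and blocked(pattern, u)]


def missed(pattern):
    """URLs the rule is meant to catch that the pattern lets through."""
    return [u for u, wanted in SAMPLES if wanted and not blocked(pattern, u)]


if __name__ == "__main__":
    for name, pat in (("original", ORIGINAL), ("revised", REVISED)):
        print(name)
        for url, _ in SAMPLES:
            verdict = "BLOCK" if blocked(pat, url) else "allow"
            print(f"  {verdict}  {url}")
        print("  false positives:", len(false_positives(pat)))
        print("  missed:", len(missed(pat)))
```

The revised pattern clears the Jetpack and `changelog` cases but still fires on `.github`, because nothing bounds the end of the keyword.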

Topic Closed

This topic has been closed to new replies.
