Support » Plugin: iThemes Security (formerly Better WP Security) » Fix for severall breaks

  • Resolved Xéfir



    In the .htaccess file, you forbid the use of the log world (and others) … Very bad idea.

    Why ? Because some plugins and permalinks use this ! Exemples :

    JetPack for wordpress has an option to use a custom css an the url do something like this :

    “cssblog” contains the “log” world and this URL will be forbidden.

    Other exemple, Theme My Login is a addon who customize the default profile of wordpress, and the URL change a little if you enable permalinks :

    Here, the world “login” contains “log” and will also be blocked.

    But, in all case, this is not a great feature.
    Instead of forbid the “log” world, why don’t you block the “.log” world, because it’s generally the search term.
    You can do it for all other world.

    Replace this :
    RewriteCond %{QUERY_STRING} ^.*(bash|git|hg|log|svn|swp|cvs) [NC,OR]
    by :
    RewriteCond %{QUERY_STRING} ^.*\.(bash|git|hg|log|svn|swp|cvs) [NC,OR]
    in line 582 and line 608 of inc/admin/common.php in the latest version of Better WP Security.
    Save settings in Security > System Tweaks and the new content will be written in .htaccess file.

    Hope it might help.
    Xéfir Destiny

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Fix for severall breaks’ is closed to new replies.