[Plugin: BulletProof Security] Is this necessary?

  • Resolved Trace

    (@diesel12)


    11 years, 11 months ago

    Prior to BP security, we had the following in our .htacess:

    # Prevents people from surfing for .htaccess
    <Files .htaccess>
    order allow,deny
    deny from all
    </Files>

    But noticed that among other things, BP Security has:

    <FilesMatch “^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)”>
    Order allow,deny
    Deny from all
    </FilesMatch>

    Is there still any need for the first file or allow / deny file for .htaccess?

    Thanks

    http://wordpress.org/extend/plugins/bulletproof-security/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author AITpro

    (@aitpro)

    11 years, 11 months ago

    FilesMatch is actually the better method to protect multiple files and the reason i have not included .htaccess in that FilesMatch list is because this security rule already protects ALL Protected Server files that begin with a dot. So no there is no need to add the Files .htaccess rule into your root .htaccess file.

    # DENY ACCESS TO PROTECTED SERVER FILES - .htaccess, .htpasswd and all file names starting with dot
RedirectMatch 403 /\..*$
    Thread Starter Trace

    (@diesel12)

    11 years, 11 months ago

    I figured it was in there somewhere already, but missed it …. thank you for the fast response!!! Much appreciated. 🙂

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘[Plugin: BulletProof Security] Is this necessary?’ is closed to new replies.