BulletProof Security
[resolved] Is this necessary? (3 posts)

  1. Diesel12
    Posted 3 years ago #

    Prior to BP security, we had the following in our .htacess:

    # Prevents people from surfing for .htaccess
    <Files .htaccess>
    order allow,deny
    deny from all

    But noticed that among other things, BP Security has:

    <FilesMatch "^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)">
    Order allow,deny
    Deny from all

    Is there still any need for the first file or allow / deny file for .htaccess?



  2. AITpro
    Plugin Author

    Posted 3 years ago #

    FilesMatch is actually the better method to protect multiple files and the reason i have not included .htaccess in that FilesMatch list is because this security rule already protects ALL Protected Server files that begin with a dot. So no there is no need to add the Files .htaccess rule into your root .htaccess file.

    # DENY ACCESS TO PROTECTED SERVER FILES - .htaccess, .htpasswd and all file names starting with dot
    RedirectMatch 403 /\..*$
  3. Diesel12
    Posted 3 years ago #

    I figured it was in there somewhere already, but missed it .... thank you for the fast response!!! Much appreciated. :)

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic


No tags yet.