Support » Plugin: BulletProof Security » [Plugin: BulletProof Security] Is this necessary?

  • Resolved Diesel12


    Prior to BP security, we had the following in our .htacess:

    # Prevents people from surfing for .htaccess
    <Files .htaccess>
    order allow,deny
    deny from all

    But noticed that among other things, BP Security has:

    <FilesMatch “^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)”>
    Order allow,deny
    Deny from all

    Is there still any need for the first file or allow / deny file for .htaccess?


Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author AITpro


    FilesMatch is actually the better method to protect multiple files and the reason i have not included .htaccess in that FilesMatch list is because this security rule already protects ALL Protected Server files that begin with a dot. So no there is no need to add the Files .htaccess rule into your root .htaccess file.

    # DENY ACCESS TO PROTECTED SERVER FILES - .htaccess, .htpasswd and all file names starting with dot
    RedirectMatch 403 /\..*$

    I figured it was in there somewhere already, but missed it …. thank you for the fast response!!! Much appreciated. 🙂

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘[Plugin: BulletProof Security] Is this necessary?’ is closed to new replies.