WordPress creates over night a .htaccess file
That sounds odd. Did you happen to save a copy of that you could post here?
Order allow,deny
deny from all
Thanks!
WordPress is not the culprit there since it does not write security code. What you have there is being written by something else such as a plugin.
Thank you. I have only a few plugins installed. How can I check which one is the bad guy? Simply by deactivating one of them?
Deactivating a plugin will not likely un-do something like that even if it is from a plugin. But what you could do is to remove the undesirable lines and then change your .htaccess permissions to 0404 so no plugin or even WordPress can write to that file and then watch to see who or what might complain.
Thanks leejosepho,
I know that deactivating will not undo it. I thought a workaround could be:
1. deleting the created .htaccess file in uploads
2. deactivate all plugins
3. activate the plugins one by one to see which one of them creates the .htaccess file
But anyways … the idea to set the permissions to 0404 is also a good idea. Will try it.
Thanks in advance.
Yes, deactivation is optional, and having tight permissions there is a good idea anyway.
If you wish, you also can set index.php, wp-blog-header.php and wp-config.php all the way down to 0400 (recommended by BulletProof Security) to protect them without affecting site function.
Oh thank you! Great idea.
Will do this, when the site goes finally online.
I will push an update, if your hints work …
Thanks in advance.
