.htaccess security OLS, Google Cloud Platform and WordPress


New Member
Hi, I'm using Wordpress with the Wordfence security plugin.

I'm getting a Wordfence msg that www.example.com/.user.ini is publicly accessible.

I've tried adding the following to .htaccess

<FilesMatch "\.(htaccess|htpasswd|log|ini)$">
Order Allow,Deny
Deny from all

that didn't work, so then this:

RewriteRule ^.*\.(log|ini|txt)$ - [F,L,NC]

and restarted OLS, but the file is still available.

Additionally, is there a guide on setting up .htaccess rules for Wordpress, OLS and GCP? It would be very helpful.

Last edited:


New Member
Should the rule be inserted into this block?

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
eg here? RewriteRule ^.*\.(log|ini|txt)$ - [F,L,NC]
RewriteRule . /index.php [L]

# END WordPress