.htaccess security OLS, Google Cloud Platform and WordPress

[dm5n]

Hi, I'm using Wordpress with the Wordfence security plugin.

I'm getting a Wordfence msg that www.example.com/.user.ini is publicly accessible.

I've tried adding the following to .htaccess

<FilesMatch "\.(htaccess|htpasswd|log|ini)$">
Order Allow,Deny
Deny from all
</FilesMatch>

that didn't work, so then this:

RewriteRule ^.*\.(log|ini|txt)$ - [F,L,NC]

and restarted OLS, but the file is still available.

Additionally, is there a guide on setting up .htaccess rules for Wordpress, OLS and GCP? It would be very helpful.

Thanks.

 

[dm5n]

Should the rule be inserted into this block?

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
eg here? RewriteRule ^.*\.(log|ini|txt)$ - [F,L,NC]
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

 

[Cold-Egg]

@dm5n ,

Your rule should work, please try to move "RewriteRule ^.*\.(log|ini|txt)$ - [F,NC] " to the top of the .htaccess, let us know if it works.

 

[dm5n]

Thanks I added it as you prescribed and the www.example.com/.user.ini now redirects to a 404 msg.