.htaccess security OLS, Google Cloud Platform and WordPress

dm5n

New Member
#1
Hi, I'm using Wordpress with the Wordfence security plugin.

I'm getting a Wordfence msg that www.example.com/.user.ini is publicly accessible.

I've tried adding the following to .htaccess

<FilesMatch "\.(htaccess|htpasswd|log|ini)$">
Order Allow,Deny
Deny from all
</FilesMatch>

that didn't work, so then this:

RewriteRule ^.*\.(log|ini|txt)$ - [F,L,NC]

and restarted OLS, but the file is still available.

Additionally, is there a guide on setting up .htaccess rules for Wordpress, OLS and GCP? It would be very helpful.

Thanks.
 
Last edited:

dm5n

New Member
#2
Should the rule be inserted into this block?

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
eg here? RewriteRule ^.*\.(log|ini|txt)$ - [F,L,NC]
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
 
Top