WordPress Toolkit Security
Hi, I'm using WordPress Tookit Deluxe.
I've enabled some security options but where are the security settings/ additional files added to?
For example:
"Block unauthorized access to wp-config.php"
I have manually entered the following code in the htaccess file and WordPress Tookit managed to detect that I've blocked access to wp-config.php :
# No access to wp-config.php
Order allow,deny
Deny from all
But on a separate installation, if I DO NOT manually include the snippet in the htaccess file and use the "Secure" option provided in WordPress Toolkit, I do not see the changes made in the htaccess file although it shows that the fix is applied. In other words, shouldn't I be able to SEE the above code snippet within the htaccess file?
As for security enhancements such as to "Forbid execution of PHP scripts in the wp-content/uploads directory", I would 'traditionally' be uploading a htaccess file to that directory containing this code snippet:
deny from all
The new htaccess file isn't there when I secure the directory through WordPress Tookit although it shows that it's secured. In case someone asks, yes, I have enabled the option to "Show Hidden Files (dotfiles)" within cPanel's File Manager.
Please advise. Thank you so much in advance!
-
Hey there! WordPress Toolkit uses an Apache include file unique to the user's vhost to write the changes. For example, for "domain.com" it would use the file here: /etc/apache2/conf.d/userdata/std/2_4/forty/domain.com/wp-toolkit.conf /etc/apache2/conf.d/userdata/ssl/2_4/forty/domain.com/wp-toolkit.conf
Inside the file you'll see comments with the name of the security option, such as this:# "Disable PHP execution in cache directories" # "Block access to .htaccess and .htpasswd" # "Enable bot protection"
Let me know if that helps!0 -
Disable scripts concatenation for WordPress admin panel will also add define('CONCATENATE_SCRIPTS', false); to wp-config.php Turn off pingbacks - is enabled/disabled by wp-cli. Changes can be found inside Wordpress database("default_ping_status" and "default_pingback_flag" option names inside "wp_options" table). I just wanted to add that update as those things don't get written to the include. 0
Please sign in to leave a comment.
Comments
2 comments