Reply To: Attack against wp-config.php~ (with a tilde)
Thanks t31os. I don’t have any file ending with tilde. I am just trying to educate myself to best protect the WP installation.
View ArticleReply To: Attack against wp-config.php~ (with a tilde)
You should check the module is available first, not just assume it is.. <IfModule mod_rewrite.c> # rule </IfModule> https://httpd.apache.org/docs/2.0/mod/core.html#ifmodule
View ArticleReply To: Attack against wp-config.php~ (with a tilde)
That’s the entire thing that goes in the .htaccess file, just the two lines. The first line enables Apache’s “RewriteEngine” if it’s not already on. The second looks for filenames ending in “.php~”,...
View ArticleReply To: Attack against wp-config.php~ (with a tilde)
You should wrap that in a module check. <IfModule mod_rewrite.c> RewriteEngine On RewriteRule \.php~$ - [F,L] </IfModule> And place it above the WordPress rules in the htaccess file, but...
View ArticleReply To: Attack against wp-config.php~ (with a tilde)
Thanks a lot tigertech. RewriteEngine On RewriteRule \.php~$ – [forbidden,last] As I am not a programmer, dev,or designer, I just want to make sure if this is the complete snippet. If this is not...
View ArticleReply To: Attack against wp-config.php~ (with a tilde)
What would be the snippet? Oh, you could do something like this: RewriteEngine On RewriteRule \.php~$ - [forbidden,last]
View ArticleReply To: Attack against wp-config.php~ (with a tilde)
Hi tigertech, Thanks for sharing. Good info. .htaccess rules could include a line to forbid requests for “.php~” files. How? What would be the snippet? I use my own .htaccess in the root folder of WP,...
View ArticleAttack against wp-config.php~ (with a tilde)
I work at a hosting company where one of our customer’s WordPress sites was hacked today. It was done by a “hacker” who discovered the WordPress database password due to an unfortunate user error. The...
View Article