Protect WP Uploads Folder with BPS
-
Hello,
i would like to know, if its possible to protect also the WP Uploads Folder with BPS Plugin?
For instance, is it possible to just create hta File and add this:
# BPS mod_access_compat # Allow,Deny # First, all Allow directives are evaluated. At least one must match, or the request is rejected. # Next, all Deny directives are evaluated. If any matches, the request is rejected. # Last, any requests which do not match an Allow or a Deny directive are denied by default. # # Deny,Allow # First, all Deny directives are evaluated. If any match, the request is denied unless # it also matches an Allow directive. Any requests which do not match any Allow or Deny directives are permitted. # # *Match* -------------------- *Allow,Deny result* -------------------- *Deny,Allow result* # Match Allow only ----------- Request allowed ------------------------ Request allowed # Match Deny only ------------ Request denied ------------------------- Request denied # No match ------------------- Default to second directive: Denied ---- Default to second directive: Allowed # Match both Allow & Deny ---- Final match controls: Denied ----------- Final match controls: Allowed # # NOTE: The zip file extension can be added to block remote access or execution of zip files, several plugins create # create either temporary or permanent zip files in the uploads folder. This may block those plugins from being # able to create zip files in your uploads folder. # # BEGIN WHITELIST # Examples of whitelisting are commented out below. To create whitelist rules you would delete the # sign in front # of the whitelist rule you want to use, add the actual filename or folder name you want to whitelist and also # delete the # sign in front of #Allow from env=whitelist. # Whitelist a specific js file in the uploads folder: example.js #SetEnvIf Request_URI "example.js$" whitelist # Whitelist an entire folder in the uploads folder: /uploads/example-folder/ #SetEnvIf Request_URI "example-folder/.*$" whitelist # END WHITELIST # # FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY <FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$"> Order Allow,Deny #Allow from env=whitelist Deny from all </FilesMatch> # FORBID PHP FILES DISGUISED AS AN IMAGE FILE - example.php.jpg - example.PHP.jpg <FilesMatch "\.(php|PHP|\.+(php)|\.+(PHP)).*$"> Order Allow,Deny #Allow from env=whitelist Deny from all </FilesMatch>Thx
Best regards
Sally
Viewing 5 replies - 1 through 5 (of 5 total)
Viewing 5 replies - 1 through 5 (of 5 total)
- The topic ‘Protect WP Uploads Folder with BPS’ is closed to new replies.
