WordPress Toolkit Security

Operating System & Version
linux
cPanel & WHM Version
92.0.11
H

HansonC

Registered
Feb 21, 2021
1
0
1
Malaysia
cPanel Access Level
Website Owner
Hi, I'm using WordPress Tookit Deluxe.

I've enabled some security options but where are the security settings/ additional files added to?

For example:
"Block unauthorized access to wp-config.php"

I have manually entered the following code in the htaccess file and WordPress Tookit managed to detect that I've blocked access to wp-config.php :

# No access to wp-config.php
<Files wp-config.php>
Order allow,deny
Deny from all
</Files>

But on a separate installation, if I DO NOT manually include the snippet in the htaccess file and use the "Secure" option provided in WordPress Toolkit, I do not see the changes made in the htaccess file although it shows that the fix is applied. In other words, shouldn't I be able to SEE the above code snippet within the htaccess file?

As for security enhancements such as to "Forbid execution of PHP scripts in the wp-content/uploads directory", I would 'traditionally' be uploading a htaccess file to that directory containing this code snippet:

<Files *.php>
deny from all
</Files>

The new htaccess file isn't there when I secure the directory through WordPress Tookit although it shows that it's secured. In case someone asks, yes, I have enabled the option to "Show Hidden Files (dotfiles)" within cPanel's File Manager.

Please advise. Thank you so much in advance!
 
Last edited by a moderator:
cPRex

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
3,186
398
243
cPanel Access Level
Root Administrator
Hey there! WordPress Toolkit uses an Apache include file unique to the user's vhost to write the changes. For example, for "domain.com" it would use the file here:

Code: 
/etc/apache2/conf.d/userdata/std/2_4/forty/domain.com/wp-toolkit.conf
/etc/apache2/conf.d/userdata/ssl/2_4/forty/domain.com/wp-toolkit.conf
Inside the file you'll see comments with the name of the security option, such as this:

Code: 
    # "Disable PHP execution in cache directories"
    # "Block access to .htaccess and .htpasswd"
    # "Enable bot protection"
Let me know if that helps!
 
cPRex

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
3,186
398
243
cPanel Access Level
Root Administrator
Disable scripts concatenation for WordPress admin panel will also add define('CONCATENATE_SCRIPTS', false); to wp-config.php

Turn off pingbacks - is enabled/disabled by wp-cli. Changes can be found inside Wordpress database("default_ping_status" and "default_pingback_flag" option names inside "wp_options" table).

I just wanted to add that update as those things don't get written to the include.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
I Wordpress Toolkit Failed Clone Product Extensions 1
I Wordpress Toolkit Update Frequency Product Extensions 4
B Wordpress Toolkit update notifications Product Extensions 2
T Wordpress toolkit clone failed Product Extensions 3
B One cPanel Solo license / WordPress Toolkit question Product Extensions 2
Similar threads
Wordpress Toolkit Failed Clone
Wordpress Toolkit Update Frequency
Wordpress Toolkit update notifications
Wordpress toolkit clone failed
One cPanel Solo license / WordPress Toolkit question
Top Bottom