Add option to deny access to .well-known folder

Is it possible to add an option to deny access to the .well-known folder?

  • Rupok
    • Support Ninja

    Hi Neil Batchelor,

    Can you tell us what type of access are you trying to revoke? For example, if you have a cPanel, then anyone having access to your cPanel will have access to that .well-known directory. But if you are referring to web access, then you can follow this guide to revoke access to that directory with .htaccess file:

    I believe, this will help. Please let us know if you have any confusion. We will be glad to help.

    Have a nice day. Cheers!


  • Neil Batchelor
    • Site Builder, Child of Zeus

    Sorry this was raised by support after a chat but didn’t quite summarise the issue.

    The problem that I have found is that the Prevent Information Disclosure option in WP Defender adds the rules:

    ## WP Defender - Prevent information disclosure ##
    <FilesMatch ".(txt|md|exe|sh|bak|inc|pot|po|mo|log|sql)$">
    Order allow,deny
    Deny from all
    <Files robots.txt>
    Allow from all
    ## WP Defender - End ##

    When the AutoSSL feature in Cpanel is trying to verify the domain it adds a .txt file to the .well-known folder. As this request is blocked by the Defender rule the SSL Cert setup fails.

    So my questions is… Can WP Defender add the rule in such a way that the .well-known folder is excluded from the Prevent Information Disclosure rule?

  • Rupok
    • Support Ninja

    Hello Neil Batchelor,

    I’m so sorry. I should have checked the chat conversation first.

    Yes, this is a very nice suggestion for the Defender plugin. I hope more people will vote for this idea here. And more people liking this idea, more chances our developers will work on this and will include this feature in our future releases.

    +1 from me.

    Have a nice day. Cheers!


Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.