There I am trying

Hi There

I am trying to secure my site using Defender and I am running up against an issue.
It relates to 'Prevent Information Disclosure'.

The instruction indicates the code must be added 'inside the server section'. However I seem unable to admit in the correct place to make it work.

Could you please advise how I can get this working please?

Support access is open to you.

Thanks

Alex

  • Predrag Dubajic

    Hey Alex,

    With support access we can only access WP admin section, we don't have access to server files in order to make this change for you, so could you tell us a bit more info about what part is not clear?

    Have you located your .conf file?

    If you did, do you see this line in the file?
    location ~ \.php$ {

    If you found that then paste this code above it:

    ## WP Defender - Prevent information disclosure ##
    				# Turn off directory indexing
    autoindex off;
    
    # Deny access to htaccess and other hidden files
    location ~ /\. {
      deny  all;
    }
    
    # Deny access to wp-config.php file
    location = /wp-config.php {
      deny all;
    }
    
    # Deny access to revealing or potentially dangerous files in the /wp-content/ directory (including sub-folders)
    location ~* ^/wp-content/.*\.(txt|md|exe|sh|bak|inc|pot|po|mo|log|sql)$ {
      deny all;
    }
    				## WP Defender - End ##

    Best regards,
    Predrag

  • Alex

    Hi Predrag

    Thanks for getting back to me so quickly.

    Below in the nginx.conf file contents:

    # Turn off dir indexing
    autoindex off;
    
    # Deny access to htaccess and other hidden files
    location ~ /\. {
      deny  all;
    }
    
    # Deny access to wp-config.php file
    location = /wp-config.php {
      deny all;
    }
    
    # Deny access to revealing or potentially dangerous files in the /wp-content/ directory (including sub-folders)
    location ~* ^/wp-content/.*\.(txt|md|exe|sh|bak|inc|pot|po|mo|log|sql)$ {
      deny all;
    }
                                    ## WP Defender - End ##
    
    location ~ \.php$ {
    
    user  n
    worker_processe
    
    #error_log  /var/log/nginx/error.log;
    #error_log  /var/log/nginx/error.log  notice;
    #error_log  /var/log/nginx/error.log  info;
    
    #pid        /var/run/nginx.pid;
    
    include /etc/nginx/modules.conf.d/*.conf;
    
    events {
        worker_connections  1024;
    }
    
    http {
        include       mime.types;
        default_type  application/octet-stream;
    
        #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
        #                  '$status $body_bytes_sent "$http_referer" '
        #                  '"$http_user_agent" "$http_x_forwarded_for"';
    
        #access_log  /var/log/nginx/access.log  main;
    
        sendfile        on;
        #tcp_nopush     on;
    
        #keepalive_timeout  0;
        keepalive_timeout  65;
        #tcp_nodelay        on;

    I hope this shed's some light on why it isn't working?

    Thanks

    Alex

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.