Wordfence critical issue: Publicly accessible config, backup, or log file found: .user.ini

Keywords: WordPress + NGINX + SSL - Google Cloud Platform - Technical issue - Permissions
Description:
Hi, the Wordfence plugin on my site has that issue.

1- Is it really critical? Does it affect any security of my site?
2- How to change the file’s permission?

Thanks in advance.

Hi @chuong.lth,

I just installed the Wordfence plugin and checked that I can’t access any information inside wp-content/plugins/wordfence/ from the web browser. Could you please let us know how to reproduce this?

I also got a “Forbidden” error message when accessing the lib or tmp folders inside the plugin’s one.

Thanks,
Jota

Hi, this is the screenshot that wf produces when scanning.

Hi @chuong.lth,

I just tried to reproduce the issue but I didn’t receive that error message when running the scan in a fresh instance.

Did you create those files somehow? We have a Support Tool that will gather relevant information for us to debug the issue. Could you please download and execute it on the machine where the stack is running by following the steps described in the guide below?

How to Run the Bitnami Support Tool

Please note that you need to paste the code outputted by the tool in your reply.

Hi, this is the support bundle code: 286fdd9a-aac3-ac4f-58e3-57a7ead20f1e

Hi @chuong.lth,

I created a sample .user.ini file inside the htdocs folder and reproduced the issue you reported. The official documentation of Wordfence explains the following:

If you know that the file is not needed by your site, you can simply remove the file. If you use it somehow, add this block of code at the end of the /opt/bitnami/apps/wordpress/conf/nginx-app.conf file:

location ~ \.user\.ini$ {
    deny all;
}

Then restart NGINX:

sudo /opt/bitnami/ctlscript.sh restart nginx

Happy to help!


Thank you for helping with this matter. I will let Wordfence run for a few days to see if the problem still happens.
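
A static check for the fix given in the answer earlier in this thread, added here as an example and not code from the thread, Bitnami or Wordfence: it looks for .user.ini files under a web root and confirms the NGINX config carries the deny-all regex location. The function names and the demo's temporary paths are assumptions made for illustration.

```shell
# Added example: is a .user.ini under the web root covered by the deny rule?

# List every .user.ini below the given web root, one path per line.
find_user_ini() {
    find "$1" -type f -name '.user.ini'
}

# Succeed if the config has a regex location for \.user\.ini whose block
# contains "deny all;". Only the regex form shown in the thread is recognised,
# and commented-out lines are ignored.
has_deny_rule() {
    awk '
        /^[ \t]*#/ { next }
        /location[ \t]+~/ && index($0, "\\.user\\.ini") { inblock = 1 }
        inblock && /deny[ \t]+all[ \t]*;/ { found = 1 }
        inblock && index($0, "}") { inblock = 0 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Print a verdict; return 0 (not exposed), 1 (exposed) or 2 (bad arguments).
audit() {
    [ -d "$1" ] && [ -r "$2" ] || { echo "usage: audit <web-root> <nginx-conf>" >&2; return 2; }
    files=$(find_user_ini "$1")
    if [ -z "$files" ]; then
        echo "ok: no .user.ini under $1"
    elif has_deny_rule "$2"; then
        echo "ok: deny rule covers: $files"
    else
        echo "exposed: no deny rule for: $files"
        return 1
    fi
}

# Constructed demo: throwaway web root and config, audited before and after the rule.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/htdocs" && : > "$tmp/htdocs/.user.ini"
    printf 'location / {\n    index index.php;\n}\n' > "$tmp/app.conf"
    audit "$tmp/htdocs" "$tmp/app.conf" || true
    printf 'location ~ \\.user\\.ini$ {\n    deny all;\n}\n' >> "$tmp/app.conf"
    audit "$tmp/htdocs" "$tmp/app.conf"; rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# With two arguments audit real paths; with none, run the constructed demo.
if [ "$#" -eq 2 ]; then audit "$1" "$2"; else demo; fi
```

On the stack from this thread, the arguments would be the WordPress htdocs folder and /opt/bitnami/apps/wordpress/conf/nginx-app.conf. The check reads the config file only, so NGINX still has to be restarted for the rule to take effect.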
