Forum Topic: Simple htaccess languages files

Forum: .htaccess Forum : WordPress • Posted by Leon Fernandez • Updated:

I have been playing around with WordPress in the last couple of months (very different but interesting from what I was used to) and I found out that you can directly access language files (mo, po and pot) through HTTP, where all the source is shown. I believe it could be a potential security breach depending on the plugin, theme or even core you are using: since it is open, it can show some config options directly on screen for hackers to test things (routes, files and vars).

I tested this code and it works to block direct access to those files in a given directory in case it is useful for somebody:

#Block direct access to language files
<FilesMatch "^.*\.(mo|po|pot)$">
	<IfModule !mod_authz_core.c>
		Deny from all
	</IfModule>
	<IfModule mod_authz_core.c>
		Require all denied
	</IfModule>
</FilesMatch>

… Aufwiedersehen… happy Pressing…

PS: Jeff… My avatar was missing when I logged in and I had to re-upload it. I think it has to do with the SSL you recently implemented, just informing.
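
Added example, not part of the original post: a small Python audit of an Apache access log that confirms the rule above is taking effect, by listing any `.mo`, `.po` or `.pot` request that was still served and counting the ones answered with 403. The log lines, IP addresses and paths are constructed samples, and the common/combined log format is an assumption.

```python
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Same extensions as the FilesMatch rule in the post; matched case-insensitively
# here so upper-case variants also show up in the audit.
LANG_FILE = re.compile(r"\.(mo|po|pot)$", re.IGNORECASE)
# Request and status fields of an Apache common/combined log line (assumed format).
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
SERVED = {200, 206, 304}  # statuses meaning the client could read the file

# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-content/languages/plugins/example-plugin-de_DE.mo HTTP/1.1" 200 5120 "-" "curl/8.0"',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /wp-content/themes/example-theme/languages/example-theme.pot HTTP/1.1" 403 199 "-" "curl/8.0"',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /wp-content/languages/de_DE.po?ver=1 HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [01/Jan/2024:10:01:05 +0000] "GET /index.php HTTP/1.1" 200 3000 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [01/Jan/2024:10:02:00 +0000] "GET /wp-content/themes/example-theme/languages/example-theme.pot HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [01/Jan/2024:10:02:03 +0000] "GET /wp-content/languages/missing.po HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
]

def audit(lines):
    """Return (exposed, blocked): language files still served, and 403 counts per path."""
    exposed, blocked = [], Counter()
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue  # not a parseable request line
        # Drop the query string and decode %-escapes before testing the extension.
        path = unquote(urlsplit(m.group("target")).path)
        if not LANG_FILE.search(path):
            continue
        status = int(m.group("status"))
        if status in SERVED:
            exposed.append((path, status))  # rule missing or not applied here
        elif status == 403:
            blocked[path] += 1  # rule is doing its job
    return exposed, blocked

if __name__ == "__main__":
    exposed, blocked = audit(SAMPLE)
    for path, status in exposed:
        print(f"EXPOSED {status} {path}")
    for path, hits in blocked.items():
        print(f"blocked {hits}x {path}")
```

Any `EXPOSED` line points at a directory where the `.htaccess` rule is absent or where `AllowOverride` keeps it from being applied.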