-
- 4 Posts
I upgraded through softalacous. When I saw this thread, I informed my host because this bug seems like it should be patched by either the host installer, or yours.
Why can't the installer fix this problem? Is that itself a security issue? they can at least give you better instructions. It tells you that renaming the access file works, and it doesn't work because the .htaccess file doesn't contain the right code.
-
- 70 Posts
I agree with samkatz - it's frustrating that the supplied code in the /core/ht.access file doesn't work out of the box when renaming it - surely they could provide the correct code?
I also think the installation / upgrade process needs to be re-written and improved, if putting the /core folder outside the public_html folder is so important for security.
-
- 51 Posts
Bump. This really should be resolved. Has it been marked as a bug?
-
- 8 Posts
I change core folder permissions from 755 to 750 and the warning goes away. Not sure though if permissions 750 are ok.
-
- 51 Posts
BTW, while moving the core folder might be a best, most secure practice, some of us have to deal with Softaculous installs and updates and I think that moving the core folder would be hard--if not impossible--for Softaculous to maintain. My non-technical clients like the peace of mind that they can perform backups and restores using Softaculous, and moving the core folder would just destabilize their setups.
-
- 51 Posts
And how do we remove the "Answered" Flag to this thread? It's clearly not a satisfactory answer.
-
- 1,145 Posts
span.tag.solved{
display: none !importantissimus;
position:fixed !importantissimus;
top: -99999999 !importantissimus;
left: -99999999 !importantissimus;
visibility: hidden !importantissimus;
opacity: -99999999 !importantissimus;
}
or
$("span.tag.solved").remove()
TinymceWrapper: Complete back/frontend content solution.
Harden your MODX site by
passwording your three main folders:
core, manager, connectors and renaming your
assets (thank me later!)
5 ways to sniff / hack your own sites; even with renamed/hidden folders, burst them all up, to see how secure you are not.