This is a cool little security tip I learned quite some time ago, and it continues to be useful. I use Emacs as my editor of choice, and when it edits a file it leaves a backup copy with a ~ appended to the file name. Some time ago I learned that malware looks for these backup files of common configs, such as wp-config.php~, in order to get things like sensitive password files or configs that contain credentials. To protect against accidental leakage like this, I use the Files directive in Apache to block this type of file and other configs. I typically add it to the main config so it applies to every site on the server and not just one.

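# Deny any file whose name ends in ~ (editor backups).
# On Apache 2.4, Order/Deny need mod_access_compat; the native form is "Require all denied".
<Files ~ "~$">
    Order allow,deny
    Deny from all
    Satisfy All
</Files>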

I’ve also used a similar rule for files with the .inc extension (typical include files):

# Dot escaped so the pattern matches only a literal .inc suffix.
<Files ~ "\.inc$">
    Order allow,deny
    Deny from all
    Satisfy All
</Files>
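
To see which files under a document root these rules would cover, the following added example (not from the original post) walks a directory and applies the same two patterns to each file name. The function names and the sample tree are constructed for illustration, and the .inc pattern is written with its dot escaped.

```python
import os
import re
import tempfile

# The two patterns from the <Files ~ "..."> blocks above. Apache applies a
# <Files> regex to the file's base name, so only the name is tested here.
BLOCKED_PATTERNS = {
    "editor backup (~)": re.compile(r"~$"),
    "include file (.inc)": re.compile(r"\.inc$"),  # dot escaped (assumption)
}


def find_blocked_candidates(docroot):
    """Return sorted (relative_path, reason) pairs for files the rules target."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(docroot):
        for name in filenames:
            for reason, pattern in BLOCKED_PATTERNS.items():
                if pattern.search(name):
                    rel = os.path.relpath(os.path.join(dirpath, name), docroot)
                    hits.append((rel.replace(os.sep, "/"), reason))
    return sorted(hits)


def build_sample_docroot(root):
    """Create a small constructed tree (not real site data) for the demo."""
    for rel in ("wp-config.php", "wp-config.php~", "includes/db.inc",
                "includes/zinc", "old~/readme.txt"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("constructed sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as docroot:
        build_sample_docroot(docroot)
        for rel, reason in find_blocked_candidates(docroot):
            print(f"{rel}: {reason}")
```

Files it reports are the ones that depend on the deny rules being active; a directory named with a trailing ~ is not matched, because the patterns only see file names.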
