Protecting NinjaFirewall's PHP INI file.



If your installation of NinjaFirewall requires a PHP INI file (php.ini, .user.ini, php5.ini) you may need to deny access to it, depending on your webserver configuration.

Apache HTTP server

You can edit (or create) the .htaccess file located inside the same directory as your INI file:

<IfModule mod_rewrite.c>
   RewriteEngine On
   RewriteRule \.ini$ - [F,L]

Note: There is no need to protect the .htaccess, because Apache will never serve a file whose name starts with .ht.

Nginx HTTP server

Edit your vhost configuration file and add the following directive inside the server{...} section:

server {
   location ~ \.ini$ {
      return 444;

Note: 444 is a special nginx's non-standard code that will shut down the connection without returning any HTTP response.

Reload your Nginx server:

service nginx reload


A powerful antivirus
scanner for WordPress.


Website Monitoring
for just .99 per month.


Web Application Firewall
for PHP and WordPress.


Malware removal
and hacking recovery.

Table of contents