How to Hide .user.ini File in WordPress (Nginx)

Posted on

The .user.ini file in WordPress which is usually auto-generated by a security plugin like WordFence can contain sensitive information. This file should not be publicly accessible.

Hiding here means blocking public access to the .user.ini file. And the methods described here are specific to the Nginx web server.

  1. Open your Nginx configuration file on the server, usually located at /usr/local/nginx/conf/conf.d/ and or /usr/local/nginx/conf/conf.d/
  2. Edit to include the following code:
    location ~ ^/\.user\.ini {
             deny all;
  3. If your WordPress installation folder is in a sub-directory then use the following code:
    location ~ ^/wordpress/\.user\.ini {
             deny all;
  4. Save the Nginx configuration file that you have edited.
  5. Restart your server by using the command service nginx restart.
  6. Check the accessibility of the .user.ini file on your website by visiting the address
  7. If it looks like below then your configuration is successful.
    How to Hide User.ini File In WordPress Nginx 1

Another alternative is to use the following code:

location ~ /\. { 
        access_log off; 
        log_not_found off; 
        deny all; 
Read :   Get to know Najma, the Cruel and Ambitious Villain in MS Marvel
Gravatar Image
I am a person who likes to write and make information related to fruits, because I like and have a mango garden.