fix(security): Use root htaccess to avoid files deletion in subfolder during plugin update

Author: julienloizelet

.cache/.gitignore

@@ -1,3 +1,2 @@
 *
 !.gitignore
-!.htaccess

.cache/.htaccess

@@ -0,0 +1,4 @@
+Redirectmatch 403 wp-content/plugins/crowdsec/logs/
+Redirectmatch 403 wp-content/plugins/crowdsec/.cache/
+Redirectmatch 403 wp-content/plugins/crowdsec/tls/
+Redirectmatch 403 wp-content/plugins/crowdsec/geolocation/

.htaccess

@@ -5,6 +5,17 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en)
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 
+## [2.3.1](https://github.com/crowdsecurity/cs-wordpress-bouncer/releases/tag/v2.3.1) - 2023-04-06
+[_Compare with previous release_](https://github.com/crowdsecurity/cs-wordpress-bouncer/compare/v2.3.0...v2.3.1)
+
+### Fixed
+
+- Use root `.htaccess` instead of multiple subfolders `.htaccess`
+
+
+---
+
+
 ## [2.3.0](https://github.com/crowdsecurity/cs-wordpress-bouncer/releases/tag/v2.3.0) - 2023-04-06
 [_Compare with previous release_](https://github.com/crowdsecurity/cs-wordpress-bouncer/compare/v2.2.0...v2.3.0)
 

CHANGELOG.md

@@ -4,7 +4,7 @@
  * Plugin URI: https://github.com/crowdsecurity/cs-wordpress-bouncer
  * Description: Safer Together. Protect your WordPress application with CrowdSec.
  * Tags: crowdsec-bouncer, wordpress, security, firewall, captcha, ip-scanner, ip-blocker, ip-blocking, ip-address, ip-database, ip-range-check, crowdsec, ban-hosts, ban-management, anti-hacking, hacker-protection, captcha-image, captcha-generator, captcha-generation, captcha-service
- * Version: 2.3.0
+ * Version: 2.3.1
  * Author: CrowdSec
  * Author URI: https://www.crowdsec.net/
  * Github: https://github.com/crowdsecurity/cs-wordpress-bouncer
@@ -13,7 +13,7 @@
  * Requires PHP: 7.2
  * Requires at least: 4.9
  * Tested up to: 6.2
- * Stable tag: 2.3.0
+ * Stable tag: 2.3.1
  * Text Domain: crowdsec-wp
  * First release: 2021.
  */

crowdsec.php

@@ -530,16 +530,13 @@ server {
 
 #### Apache
 
-If you are using Apache, these folders already contain the required `.htaccess` file: 
+If you are using Apache, the plugin root folder already contain the required `.htaccess` file: 
 
 ```
-<IfVersion < 2.4>
-    order allow,deny
-    deny from all
-</IfVersion>
-<IfVersion >= 2.4>
-    Require all denied
-</IfVersion>
+Redirectmatch 403 wp-content/plugins/crowdsec/logs/
+Redirectmatch 403 wp-content/plugins/crowdsec/.cache/
+Redirectmatch 403 wp-content/plugins/crowdsec/tls/
+Redirectmatch 403 wp-content/plugins/crowdsec/geolocation/
 ```
 
 So you don't have to do anything more.

docs/USER_GUIDE.md

@@ -1,3 +1,2 @@
 *
 !.gitignore
-!.htaccess

geolocation/.gitignore

@@ -20,7 +20,7 @@ class Constants extends LibConstants
     public const LOG_BASE_PATH = __DIR__ . '/../logs/';
     public const CACHE_PATH = __DIR__ . '/../.cache';
     public const CONFIG_PATH = __DIR__ . '/standalone-settings.php';
-    public const VERSION = 'v2.3.0';
+    public const VERSION = 'v2.3.1';
     public const GEOLOCATION_DIR = __DIR__ . '/../geolocation';
     public const TLS_DIR = __DIR__ . '/../tls';
 }

geolocation/.htaccess

@@ -1,3 +1,2 @@
 *
-!.gitignore
-!.htaccess
+!.gitignore