Security

Enhancing Security for License Manager for WooCommerce

Folder Protection Details

When the plugin is activated, it creates a .htaccess file in the directory:
wp-content/uploads/lmfwc-files

• This file blocks direct browser access to the folder, ensuring your cryptographic secrets remain private.
• Important Note:If your server uses NGINX instead of Apache, the .htaccess file will be ignored.To secure the directory in this case, you can manually create an NGINX directive.

Moving Cryptographic Secrets to wp-config.php Recommended

For enhanced security and better performance, it’s advised to move cryptographic secrets to your wp-config.php file. This reducesserver requests and safeguards these critical secrets.

Steps to Move Secrets to wp-config.php:

• Access the wp-config.php File: Locate this file in the root directory of your WordPress installation.
• Add the Following Lines:
  Php Code:
  define(‘LMFWC_PLUGIN_SECRET’, ‘secret.txt’);
  define(‘LMFWC_PLUGIN_DEFUSE’, ‘defuse.txt’);
• Replace secret.txt and defuse.txt with the actual contents of these files.
• Create a Backup: Save backups of both secret.txt and defuse.txt in a secure location.
• Delete the lmfwc-files Directory: After confirming the contents have been successfully added to wp-config.php, delete the directory:
  wp-content/uploads/lmfwc-files