From 0a6871bee48cfc3576dd3b51e2ea146ea906d1e7 Mon Sep 17 00:00:00 2001
From: Julien Loizelet <julienloizelet@okaeli.com>
Date: Thu, 12 Dec 2024 10:32:20 +0900
Subject: [PATCH] fix(security): Update .htaccess 403 directives

---
 .htaccess    | 6 +++---
 CHANGELOG.md | 4 ++++
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/.htaccess b/.htaccess
index 59a6a5ec..b63fb497 100644
--- a/.htaccess
+++ b/.htaccess
@@ -1,3 +1,3 @@
-Redirectmatch 403 wp-content/plugins/crowdsec/logs/
-Redirectmatch 403 wp-content/plugins/crowdsec/.cache/
-Redirectmatch 403 wp-content/plugins/crowdsec/inc/standalone-settings
\ No newline at end of file
+Redirectmatch 403 wp-content/uploads/crowdsec/logs/
+Redirectmatch 403 wp-content/uploads/crowdsec/cache/
+Redirectmatch 403 wp-content/plugins/crowdsec/inc/standalone-settings
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 93f21e66..42110193 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,6 +19,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Make some fields required when necessary in the settings page (LAPI URL, Api key if authentication type is Api key, etc.)
 - Update the standalone settings file if the file is already present (even if the setting is disabled)
 
+### Fixed
+
+- Fix `.htaccess` directives
+
 ---
 
 ## [2.6.7](https://github.com/crowdsecurity/cs-wordpress-bouncer/releases/tag/v2.6.7) - 2024-07-26