<FilesMatch ".*\.(?i:phtml|php|PHP)$">
Order Allow,Deny
Allow from all
</FilesMatch>
This is for a WordPress site. I don’t know if the theme require this file to work or why is detected as a virus file.
Can you explain to me?
<FilesMatch ".*\.(?i:phtml|php|PHP)$">
Order Allow,Deny
Allow from all
</FilesMatch>
This is for a WordPress site. I don’t know if the theme require this file to work or why is detected as a virus file.
Can you explain to me?
This explicitly allows HTTP access to files with one of those suffixes – which one usually rather would not want. (In a WP environment, all functionality should be triggered via the router, not by accessing any PHP scripts via URL directly.) Wether your theme actually needs this though, is impossible for us to tell.
Which scanner detected this file as a virus? How is this problem related to PHP or HTML itself?
Where is this file located? The rewrite rules for WP to work is usually located at the root of the project. I doubt it’s required for a template/plugin, it lacks the usual verifications/limitations. Even for Ajax/CRON there are dedicated WP internal tools because it’s not usual to access files directly
Unrelated but
php|PHP
also is not needed. The?i
says case insensitive so it would be the same, just havephp
. Adding the virus scanner reporting this also may help the question.Also,
.phtml
is an old PHP extension (from PHP 2 IIRC), and actually rarely configured to run as PHP files in webservers config, so it may be an attempt to be able to view the code that’s inside files with such extension, because they will most probably render as html file and display the PHP code as text