My whitelist added a rule that I didn’t ask for. It allows all PHP files in the upload directory in what seems to be hidden folders. And that’s precisely a way for malwares to attack. So I need to DELETE this rule (and I don’t have any hidden folders there anyway).
So in the hardening tab, under “allow blocked php files” section I’ve checked the box of this rule and clicked on delete, but the page refreshes and the rule is still here. I can’t find where this whitelist is stored on my website. I’ve checked in the uploads/sucuri folder, in the .htaccess file and even in my database, but nothing.
Please how to fix this and delete this unwanted rule?
