I have read many other posts about this, but the problem won’t go away on this site!
I have several sites, all of which are configured more or less the same way, on the same server.
ONE of them has the dreaded message on the dashboard:
Core folder is accessible by web
I know I could move the Core folder outside of the site directory, but I just want to understand why it’s happening first. All my other sites check out fine. I have used the SAME .htaccess file in the root and core folder on all of the sites.
The .htaccess in the core folder says this:
IndexIgnore / <Files *> Order Deny,Allow Deny from all
Permissions on the Core folder are 775
I think it’s something to do with the cache - because if I clear the cache, and visit the dashboard, the message disappears, but if I refresh the dashboard, the message returns!
One strange thing I noticed - If I try to visit: site.com/core/docs/changelog.txt in a browser - it diverts me to the home page rather than my 404 page - but all my other sites send me to my 404 page.
The unauthorised page setting is set to a published page in my resource tree.
I know I can move the core folder outside of the public directory, but It’s just annoying me that i can’t work out why it’s happening on this site only!