Wordpress : user.ini publicly visible


Hello Bonjour !

My YunoHost server

Hardware: Old laptop or computer
YunoHost version: (stable)
I have access to my server : Through SSH | through the webadmin | direct access via keyboard / screen | all 3 although the webadmin has been a bit capricious these last few months
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no (except my old computer is very old and only 32 bits but it’s not the problem here)

Description of my issue

I’ve installed the wordpress app on yunohost. When running a scan with Wordfence I get .user.ini is publicly accessible and may expose source code or sensitive information about your site. Files such as this one are commonly checked for by scanners and should be made inaccessible. Alternately, some can be removed if you are certain your site does not need them. Sites using the nginx web server may need manual configuration changes to protect such files.

As I don’t know what i’m doing I don’t want to delete the file, but I also don’t want to leave a vulnerability out there, what should I do ?

Thanks so much ! Still and forever
your biggest fan