Error messages in Status Report due to SA-CORE-2013-003 that won't go away

By xngo on February 21, 2019

Symptoms

After I migration from Drupal 6 to Drupal 7, I got the following messages:

Public files directory: Not fully protected

See http://drupal.org/SA1. CORE1. 20131. 003 for information about the recommended .htaccess file 
which should be added to the sites/default/files directory to help protect against arbitrary code execution.

Temporary files directory: Not fully protected

See http://drupal.org/SA1. CORE1. 20131. 003 for information about the recommended .htaccess file 
which should be added to the /tmp directory to help protect against arbitrary code execution.

Solution

  1. Delete the .htaccess in your files directory(e.g. sites/default/files).
  2. Go to admin/config/media/file-system, prefix a dot to your Temporary directory (e.g. ./tmp).
  3. Click on Save.

About the author

Xuan Ngo is the founder of OpenWritings.net. He currently lives in Montreal, Canada. He loves to write about programming and open source subjects.