In the latest version of cwp we don’t allow any more to use “Options FollowSymLinks” in the .htaccess files as this is a security issue.
Why Options FollowSymLinks is not secure?
This is a big security issue when you have multiple accounts or domains on the same server, an attacker can hack one domain and from there create symbolic links to all other configuration files of the other users/domains.
For example configuration like (wp-config.php, configuration.php) files where database info is stored and then with that data hack all other users/domains on the server.
What is the solution if you need symlinks?
You can use instead “Options SymLinksIfOwnerMatch” this will provide more security.
If you don’t have many users/domains on your server and you need to disable this restriction, you can do that by editing apache vhost for that domain.
Example .htaccess line
Options Indexes SymLinksIfOwnerMatch