diff --git a/security.md b/security.md
index 93c714a..53e766e 100644
--- a/security.md
+++ b/security.md
@@ -11,10 +11,10 @@ For Apache there is the .htaccess file, that has all you need for avoiding user
 You have to add to your server directive of your page (in nginx.conf) deny to some files, like: 
 
 ```
-location ^~ /sqlite.db3 {
+location ^~ /sqlite\.db3 {
     deny all;
 }
-location ^~ /cronchk.php {
+location ^~ /cronchk\.php {
     deny all;
 }
 ```