Code for .htaccess

  • Resolved Robert Eichhorn

    (@robert-eichhorn)


    3 years, 3 months ago

    I want to add some code to my .htaccess file to prevent hackers from accessing my wp-includes folder. I found 2 different examples of code to add. One example starts the code with <IfModule mod_rewrite.c>. The other example starts the code with RewriteEngine On. I would like to know the reason for the 2 different setups and what one should I use. Here are the 2 different examples:

    Example 1:
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    # more code goes here
    </IfModule>

    Example 2:
    RewriteEngine On
    RewriteBase /
    # more code goes here
    RewriteRule ^wp-includes/theme-compat/ – [F,L]

Viewing 3 replies - 1 through 3 (of 3 total)

  • Example 2 needs to be nested within opening (<IfModule mod_rewrite.c>) and closing
    (</IfModule>) mod_rewrite rules. These could wrap this individual set of directives (as seen in example 1), or a group of directives that require mod_rewrite in the .htaccess file.

    Dion

    (@diondesigns)

    Enclosing rewrite blocks with <IfModule mod_rewrite.c>...</IfModule> is an artifact of a long-gone era when servers had very little memory, and Apache would be configured to conserve as much memory as possible. If Apache/Litespeed was (correctly) built in the past 10 or so years, mod_rewrite will be loaded and the enclosure is unnecessary.

    This is one of many legacy items in WordPress that should probably be removed. Use of the PHP mysql extension in wp-db.php is another example.

    Thread Starter Robert Eichhorn

    (@robert-eichhorn)

    Barnez and Dion – thanks for your help. I will ask the Apache community for their input on the issue.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Code for .htaccess’ is closed to new replies.

Tags