List of WordPress files to protect

  • I am looking for a list of WP Multisite files that need to be protected.

    I use Cloudflare and I have a Firewall rule that blocks access to:

    wp-login.php
    xmlrpc.php
    /wp-admin/ and do not blocks /wp-admin/admin-ajax.php and /wp-admin/theme-editor.php
    wp-config.php
    license.txt
    wp-activate.php
    readme.html
    wp-load.php
    wp-settings.php

    My IP and server IP are whitelisted.

    However every now and then I find a new file that I didn’t include. Also I am not sure about not blocking /wp-admin/admin-ajax.php because I see that are requested by bots.

    I know that I can find rules for htaccess for doing this, but am not using this file for blocking. I need to know the name of the file to protect.

    Thanks in advance

    • This topic was modified 3 years, 9 months ago by James Huff. Reason: moved to Networking WordPress since this is a multisite question
  • The topic ‘List of WordPress files to protect’ is closed to new replies.