• This is the standard WordPress htaccess file:

    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]

    As I understand it, it rewrites requests for non-existent files or directories to .index.php.

    So how does this enhance security?

    Why not just use:
    ErrorDocument 404 /404.php ?

    As for something that REALLY helps protect my blog, I came across this snippet on wprecipies.com:

    Options +FollowSymLinks
    RewriteEngine On
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    RewriteRule ^(.*)$ index.php [F,L]

    It claims to protect your WP blog from script injection and unwanted modification of _REQUEST and/or GLOBALS. But the author failed to provide any commentary or explanation.

    Can anyone offer any insight? Is the Options +FollowSymLinks directive necessary for this code to run?
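
How the three RewriteCond patterns quoted in the post evaluate against a query string, modelled in Python as an added example (not part of the original post or of the quoted site's code); the function names and every sample query string are constructed for illustration. mod_rewrite tests %{QUERY_STRING} without URL-decoding it, which is why the first pattern lists both `<` and `%3C`.

```python
import re

# The three RewriteCond patterns from the post, in order.
# [NC] on the first condition becomes re.IGNORECASE; the other two
# carry no [NC], so they stay case-sensitive.
CONDITIONS = [
    ("script tag", re.compile(r"(\<|%3C).*script.*(\>|%3E)", re.IGNORECASE)),
    ("GLOBALS", re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})")),
    ("_REQUEST", re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})")),
]


def evaluate(query_string):
    """Return the label of the first matching condition, or None.

    The conditions are chained with [OR], so a single match is enough
    for the RewriteRule to fire; its [F] flag then answers 403 Forbidden.
    Apache patterns are unanchored, hence search() rather than match().
    """
    for label, pattern in CONDITIONS:
        if pattern.search(query_string):
            return label
    return None


def classify(samples):
    """Map each raw query string to 'pass' or '403 (<condition>)'."""
    results = {}
    for qs in samples:
        hit = evaluate(qs)
        results[qs] = "pass" if hit is None else "403 (%s)" % hit
    return results


# Constructed sample query strings (raw, as the server receives them).
SAMPLES = [
    "p=123",                      # ordinary permalink lookup
    "s=javascript",               # contains "script" but no angle brackets
    "s=%3Cscript%3E",             # percent-encoded tag
    "s=<SCRIPT>",                 # matched because of [NC]
    "GLOBALS[foo]=1",             # literal bracket form
    "GLOBALS%5Bfoo%5D=1",         # percent-encoded bracket form
    "_REQUEST=1",
    "globals=1",                  # lower case: no [NC], so not matched
    "a=%3C&b=description&c=%3E",  # false positive: "description" contains "script"
]

if __name__ == "__main__":
    for qs, verdict in classify(SAMPLES).items():
        print("%-28s %s" % (qs, verdict))
```

The conditions inspect only the query string, so values sent in a POST body or a cookie are never tested by these rules.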

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘protecting wordpress with htaccess’ is closed to new replies.