Security in .htaccess

  • Hi,
    I want to include several things in my .htaccess in order to make things more secure. I am very new to WP and was wondering if this code

    #BLOCK THE INCLUDE - ONLY FILES
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

    placed in .htaccess is the same (or works the same) as this code

    # Disable direct access of any *.php files in /wp_includes folder
<FilesMatch .php>
   Order deny,allow
   Deny from all
</FilesMatch>

    placed in a separate .htaccess in /wp-includes

    Thank you for any help.

Viewing 4 replies - 1 through 4 (of 4 total)

  • You need to place all htaccess code in a single file. You can place all together in a single file.

    Thread Starter kustv

    (@kustv)

    Hi,
    thanks for yur replybut this was not my question. I know forsure that the last code needs to be placed in a separate .htaccess in wp-includes. My question was if this code is the sae or works the same as the “Block include files only” snippet.

    The last code, which will block direct access to php files in your wp_includes folder.

    I guess you don’t need to place both. As the first code, will restrict access to wp_includes directory. There is no need to place the second code too which will restrict direct access to .php files when the entire directory is being restricted with the first code.

    I spent my first three months at my first site sifting through all kinds of articles and tutorials while trying to “harden WordPress” securely, then discovered there is simply nothing better (imo) than the BulletProof Security plugin for doing all of that far better than I ever could have done. If you would like to see the best possible, let that plugin and its author show you how to actually make your site truly bulletproof.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Security in .htaccess’ is closed to new replies.