@jennimckinnon
Last active January 30, 2023 13:04
Restrict Direct Access to Plugin and Theme PHP files in WordPress. Source: https://www.acunetix.com/websitesecurity/wordpress-security-top-tips-secure-wordpress-application/
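# Requires mod_rewrite with "RewriteEngine On" in effect for this .htaccess file.
# Plugins: answer direct requests for .php files with 404, except the excluded
# file and directory below (placeholder paths; replace with your own).
RewriteCond %{REQUEST_URI} !^/wp-content/plugins/file/to/exclude\.php
RewriteCond %{REQUEST_URI} !^/wp-content/plugins/directory/to/exclude/
RewriteRule wp-content/plugins/(.*\.php)$ - [R=404,L]
# Themes: same rule, with its own placeholder exclusions.
RewriteCond %{REQUEST_URI} !^/wp-content/themes/file/to/exclude\.php
RewriteCond %{REQUEST_URI} !^/wp-content/themes/directory/to/exclude/
RewriteRule wp-content/themes/(.*\.php)$ - [R=404,L]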
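
An offline check of these rules, added here as an example and not part of the original gist: a simplified Python model of the two rule blocks, run over constructed request paths to confirm what is blocked and what the exclusions let through before the rules are deployed. It assumes the .htaccess file sits in the document root with WordPress installed at the site root; `status_for` and the sample paths are hypothetical.

```python
import re
from urllib.parse import urlsplit

# The gist's rules: (negated RewriteCond patterns on REQUEST_URI, RewriteRule pattern).
RULES = [
    ([r"^/wp-content/plugins/file/to/exclude\.php",
      r"^/wp-content/plugins/directory/to/exclude/"],
     r"wp-content/plugins/(.*\.php)$"),
    ([r"^/wp-content/themes/file/to/exclude\.php",
      r"^/wp-content/themes/directory/to/exclude/"],
     r"wp-content/themes/(.*\.php)$"),
]

def status_for(url):
    """Return 404 if the modelled rules block the request, else None (passed on)."""
    request_uri = urlsplit(url).path     # REQUEST_URI carries no query string
    rule_path = request_uri.lstrip("/")  # .htaccess rules match without the leading slash
    for exclusions, pattern in RULES:
        if not re.search(pattern, rule_path):
            continue
        # Each RewriteCond is negated, so the rule fires only if no exclusion matches.
        if all(not re.search(ex, request_uri) for ex in exclusions):
            return 404
    return None

# Constructed sample requests (not taken from any real site).
SAMPLES = [
    "/wp-content/plugins/example-plugin/includes/helper.php",
    "/wp-content/plugins/file/to/exclude.php",
    "/wp-content/plugins/directory/to/exclude/ajax.php?action=ping",
    "/wp-content/themes/example-theme/functions.php",
    "/wp-content/themes/example-theme/style.css",
    "/wp-admin/admin-ajax.php",
]

if __name__ == "__main__":
    for url in SAMPLES:
        verdict = "404 (blocked)" if status_for(url) == 404 else "passed on"
        print(f"{verdict:14} {url}")
```

The exclusion patterns are prefix matches, so an excluded directory exempts every PHP file beneath it; keep those entries as narrow as the plugin or theme allows.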