Created
February 15, 2019 12:07
Protect your WordPress website using a few cut-and-paste .htaccess hacks
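# Taken from https://imelgrat.me/security/wordpress-htaccess-file-protect/

# Prevent access to .htaccess and .htpasswd files.
# The pattern is tested against the file name and covers both ".hta..." and
# ".htp..." names; matching ".hta" alone would leave .htpasswd (password
# hashes) readable over HTTP.
# Order/Deny/Satisfy are Apache 2.2 access-control directives. On Apache 2.4
# they only work when mod_access_compat is loaded; the native 2.4 form is
# "Require all denied".
<Files ~ "^.*\.[Hh][Tt]([Aa]|[Pp])">
    Order allow,deny
    Deny from all
    Satisfy all
</Files>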
# Refuse every HTTP request for wp-config.php (database credentials and
# secret keys live in this file).
# Apache 2.2 syntax: on 2.4 this needs mod_access_compat to be loaded.
<Files "wp-config.php">
    Order Allow,Deny
    Deny from all
</Files>
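# Map script-like extensions to the CGI handler and then switch CGI execution
# off, so that files with these extensions are refused instead of being run.
# NOTE(review): the list includes .php, so this suits a directory that should
# hold only static content (an uploads folder, for example). In the WordPress
# root it would also refuse WordPress' own PHP entry points -- confirm where
# this snippet is meant to be deployed.
# NOTE(review): where PHP is wired up with SetHandler in the server config,
# that handler may take precedence over AddHandler; verify with a harmless
# test .php file that requests in this directory are really refused.
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI

# Disable directory browsing.
# Only the relative form is used here. "Options All -Indexes" mixes signed and
# unsigned keywords, which Apache 2.4 rejects, and "All" would switch ExecCGI
# back on right after it was disabled above. All other options are inherited
# from the server configuration.
Options -Indexes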
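# Disable access to all file types except the following.
# The leading dot is escaped so that only real extensions match; unescaped,
# "." matches any character and a name such as "dumpzip" would be allowed.
# The match is case-sensitive, so upper-case extensions (.JPG) stay denied.
# NOTE(review): deny-by-default also blocks .php, so this belongs in a
# static-content directory. In the WordPress root it would block index.php
# and wp-login.php -- confirm the intended location.
# Apache 2.2 syntax: on 2.4 this needs mod_access_compat to be loaded.
Order deny,allow
Deny from all
<Files ~ "\.(xml|css|js|jpe?g|png|gif|pdf|docx|rtf|odf|zip|rar)$">
    Allow from all
</Files>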
# Block direct requests to WordPress include files.
# The whole section is skipped silently when mod_rewrite is not loaded, so
# check that the module is enabled before relying on these rules.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /

    # Anything under wp-admin/includes/ answers 403 Forbidden.
    RewriteRule ^wp-admin/includes/ - [F,L]

    # Not a wp-includes path: jump over the next three rules.
    # S=3 must stay equal to the number of wp-includes rules that follow.
    RewriteRule !^wp-includes/ - [S=3]

    # PHP files directly inside wp-includes/.
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    # PHP files under the TinyMCE language directory.
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    # Everything under wp-includes/theme-compat/.
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>