Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Restrict all access to wp-includes. Source: http://www.wpexplorer.com/htaccess-wordpress-security/
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
@dhgutteridge

This comment has been minimized.

Copy link

@dhgutteridge dhgutteridge commented Jun 9, 2017

Concerning "RewriteRule ^wp-includes/js/tinymce/langs/.+.php - [F,L]", I think that's off by one directory. There's a PHP file found in "wp-includes/js/tinymce", but not in the "langs" sub-directory.

@jennimckinnon

This comment has been minimized.

Copy link
Owner Author

@jennimckinnon jennimckinnon commented Jun 29, 2017

This was from WP Explorer as noted above so that's the best place to comment and let them know your thoughts. :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.