Created
May 18, 2016 23:34
-
-
Save jennimckinnon/9165452059ed7747def1e4fc5f029039 to your computer and use it in GitHub Desktop.
Restrict all access to wp-includes. Source: http://www.wpexplorer.com/htaccess-wordpress-security/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<IfModule mod_rewrite.c> | |
RewriteEngine On | |
RewriteBase / | |
RewriteRule ^wp-admin/includes/ - [F,L] | |
RewriteRule !^wp-includes/ - [S=3] | |
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] | |
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] | |
RewriteRule ^wp-includes/theme-compat/ - [F,L] | |
</IfModule> |
This was from WP Explorer as noted above so that's the best place to comment and let them know your thoughts. :)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Concerning "RewriteRule ^wp-includes/js/tinymce/langs/.+.php - [F,L]", I think that's off by one directory. There's a PHP file found in "wp-includes/js/tinymce", but not in the "langs" sub-directory.