Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Restrict all access to wp-includes. Source:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]

This comment has been minimized.

Copy link

@dhgutteridge dhgutteridge commented Jun 9, 2017

Concerning "RewriteRule ^wp-includes/js/tinymce/langs/.+.php - [F,L]", I think that's off by one directory. There's a PHP file found in "wp-includes/js/tinymce", but not in the "langs" sub-directory.


This comment has been minimized.

Copy link
Owner Author

@jennimckinnon jennimckinnon commented Jun 29, 2017

This was from WP Explorer as noted above so that's the best place to comment and let them know your thoughts. :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.