Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Restrict all access to wp-includes. Source: http://www.wpexplorer.com/htaccess-wordpress-security/
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
@dhgutteridge

This comment has been minimized.

Copy link

dhgutteridge commented Jun 9, 2017

Concerning "RewriteRule ^wp-includes/js/tinymce/langs/.+.php - [F,L]", I think that's off by one directory. There's a PHP file found in "wp-includes/js/tinymce", but not in the "langs" sub-directory.

@jennimckinnon

This comment has been minimized.

Copy link
Owner Author

jennimckinnon commented Jun 29, 2017

This was from WP Explorer as noted above so that's the best place to comment and let them know your thoughts. :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.