Skip to content

Instantly share code, notes, and snippets.

@olkitu

olkitu/.htaccess

Created Mar 7, 2019
Embed
What would you like to do?
Block access to Wordpress files and directory
Options -Indexes
<files xmlrpc.php>
order allow,deny
deny from all
</files>
<files wp-config.php>
order allow,deny
deny from all
</files>
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>
# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# End WordPress
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment