Mr.Phuong phuongdovan
phuongdovan
/ htaccess-wordpress
Last active
April 23, 2026 14:14
If your wordpress website is hosted on Apache web server, such as shared hosting with Cpanel or DirectAdmin, this is the htaccess file code to make Wordpress more secure (it's created by iThemes Security Pro plugin).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # BEGIN iThemes Security - Do not modify or remove this line | |
| # iThemes Security Config Details: | |
| # Protect System Files - Security > Settings > System Tweaks > System Files | |
| <files .htaccess> | |
| <IfModule mod_authz_core.c> | |
| Require all denied | |
| </IfModule> | |
| <IfModule !mod_authz_core.c> | |
| Order allow,deny | |
| Deny from all |
phuongdovan
/ nginx-wordpress.conf
Last active
April 23, 2026 14:13
iThemes Security Pro created the file nginx.conf file in the wordpress main directory with this content. Then, i don't need to use this plugin anymore, just keep the security code on the server. Everything is still well secured without a plugin.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # BEGIN iThemes Security - Do not modify or remove this line | |
| # iThemes Security Config Details: 2 | |
| # Protect System Files - Security > Settings > System Tweaks > System Files | |
| location = /wp-admin/install.php { deny all; } | |
| location = /nginx.conf { deny all; } | |
| location ~ /\.htaccess$ { deny all; } | |
| location ~ /readme\.html$ { deny all; } | |
| location ~ /readme\.txt$ { deny all; } | |
| location ~ /wp-config.php$ { deny all; } | |
| location ~ ^/wp-admin/includes/ { deny all; } |