Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
WordPress .htaccess
# WP Security
# PROTECTING DIRECTORIES
Options -Indexes
#IndexIgnore *.php
# WHITELISTING IP ADDRESSES
<Files wp-login.php>
#Order Deny,Allow
#Deny from all
# Allow access via this IP address
#Allow from 92.86.102.81
</Files>
# PROTECTING THE .HTACCESS FILE
<Files ~ "^.*.([Hh][Tt][Aa])">
Order Allow,Deny
Deny from all
Satisfy all
</Files>
# PROTECT .htaccess
<Files .htaccess>
order allow,deny
deny from all
</Files>
# PROTECT wpconfig.php
<files wp-config.php>
order allow,deny
deny from all
</files>
# PROTECTING THE WP-INCLUDES DIRECTORY
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /wp/
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
#Prevent Full Path Disclosure
RewriteRule ^wp-includes/rss-functions\.php$ - [R=404,L,NC]
# END WP Security
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment