WordPress: custom security measures
# BEGIN Security
#
# Sources:
# https://premium.wpmudev.org/blog/5-simple-htaccess-tips-to-tighten-your-sites-security/
# https://premium.wpmudev.org/blog/keeping-wordpress-secure-the-ultimate-guide/
# https://gist.github.com/voneff/0daab6372769e9ef3d75
#
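# Protect htaccess From Unauthorized Access
# Denies HTTP access to every file whose name contains ".hta" (in any letter
# case), so the per-directory rules themselves cannot be downloaded.
# NOTE(review): this pattern does not match ".htpasswd"; confirm the
# server-wide configuration already denies ".ht*" files, or widen the pattern.
<Files ~ "^.*\.([Hh][Tt][Aa])">
    # Apache 2.4+: native authorization syntax (mod_authz_core).
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2: legacy syntax. Without this split, the Order/Deny/Satisfy
    # directives fail on a 2.4 server that lacks mod_access_compat and the
    # whole site answers with a 500 error.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
        Satisfy all
    </IfModule>
</Files>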
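# Protect WordPress Configuration File
# wp-config.php holds the database credentials and the authentication
# keys/salts. PHP normally executes it instead of printing it, but denying
# access outright keeps the source from being served if the PHP handler is
# ever misconfigured or disabled.
# NOTE(review): only the exact name is matched; editor or backup copies such
# as "wp-config.php.bak" are not covered and should not be left in the webroot.
<Files wp-config.php>
    # Apache 2.4+: native authorization syntax (mod_authz_core).
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2: legacy syntax, kept as a fallback so the file still loads
    # on older servers and does not depend on mod_access_compat on newer ones.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>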
# Disable Directory Browsing
# Turns off automatic directory listings: a request for a directory that has
# no index file is refused instead of revealing its file names (uploads,
# plugin folders, backups).
# NOTE(review): this only takes effect if the server's AllowOverride setting
# permits Options in .htaccess; confirm against the vhost configuration.
Options -Indexes
# Block the include-only files (/wp-includes/ directory)
# These scripts are meant to be loaded by WordPress itself, never requested
# directly by a browser; each matching request is answered with 403 ([F]).
# Rule order matters: the [S=3] rule skips exactly the three rules after it.
# NOTE(review): the WordPress hardening guide warns that the
# "^wp-includes/[^/]+\.php$" rule interferes with ms-files.php on Multisite;
# confirm before using this block on a network install.
<IfModule mod_rewrite.c>
    RewriteEngine On
    # Assumes WordPress is installed at the document root.
    RewriteBase /

    # Admin-side include files.
    RewriteRule ^wp-admin/includes/ - [F,L]

    # Anything outside wp-includes/ skips the three rules below.
    RewriteRule !^wp-includes/ - [S=3]

    # PHP files sitting directly in wp-includes/ (not in its subdirectories).
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    # PHP files under the TinyMCE language directory.
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    # Legacy theme compatibility templates.
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
# END Security