Skip to content

Instantly share code, notes, and snippets.

@voneff
Last active Mar 23, 2016
Embed
What would you like to do?
WordPress: custom security measures
# BEGIN Security
#
# Sources:
# https://premium.wpmudev.org/blog/5-simple-htaccess-tips-to-tighten-your-sites-security/
# https://premium.wpmudev.org/blog/keeping-wordpress-secure-the-ultimate-guide/
# https://gist.github.com/voneff/0daab6372769e9ef3d75
#
# Protect htaccess From Unauthorized Access
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>
# Protect WordPress Configuration File
<files wp-config.php>
order allow,deny
deny from all
</files>
# Disable Directory Browsing
Options -Indexes
# Block the include-only files (/wp-includes/ directory)
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
# END Security
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment