WordPress.org

1. mhulse
   Member
   Posted 1 year ago #
   

   This article talks about tips on securing a WP site:

   Securing wp-includes

   On my server, via WordPress multi-site setup, I found that this code:

   RewriteEngine On
   RewriteBase /
   RewriteRule ^wp-admin/includes/ - [F,L]
   RewriteRule !^wp-includes/ - [S=3]
   RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
   RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
   RewriteRule ^wp-includes/theme-compat/ - [F,L]

   Generates a 403 Forbidden when I try to access the image here:

   blog-name/files/2012/02/dim-sum-150x150.jpg

   ... which appears to be a rewrite for this url:

   /wp-includes/ms-files.php

   When I comment out this line:

   RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]

   The image is accessible.

   Any tips on how to fix? :)

2. Ipstenu (Mika Epstein)
   Half-Elf Support Rogue & Mod
   Posted 1 year ago #
   

   You can't. There's a file in /wp-includes/ called ms-files.php, which is used by WordPress multisite to generate images.

   I'll document that in the codex.

3. mhulse
   Member
   Posted 1 year ago #
   

   Thanks Ipstenu! I really appreciate the help. :)

   I am finding that there's a ton of articles on the net about how to secure a WP site, but not as many that are specific to a WP multisite install.

   Anyway, thanks a billion for all of your pro help! You rock!!!! :D

   Cheers,
   Micky

Topic Closed

This topic has been closed to new replies.