I am running WP3.0 RC3 with the trunk version of Donncha's domain mapping plugin and 4 separate blogs.
I want to lock down my install from spamming attempts. Is it safe to restrict access to wp-activate.php and wp-signup.php if I have no intention of opening my install up to blog signups? The only way I would ever create a new blog is from the Super Admin menu.
I already have wp-config.php restricted in my .htaccess file with the following code; can I safely do the same with wp-activate.php and wp-signup.php?
<files wp-config.php> Order deny,allow deny from all </files>