[resolved] Hardening WordPress: Securing wp-includes (3 posts)

  1. mhulse
    Posted 4 years ago #

    This article talks about tips on securing a WP site:

    Securing wp-includes

    On my server, via WordPress multi-site setup, I found that this code:

    RewriteEngine On
    RewriteBase /
    RewriteRule ^wp-admin/includes/ - [F,L]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]

    Generates a 403 Forbidden when I try to access the image here:


    ... which appears to be a rewrite for this url:


    When I comment out this line:

    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]

    The image is accessible.

    Any tips on how to fix? :)

  2. You can't. There's a file in /wp-includes/ called ms-files.php, which is used by WordPress multisite to generate images.

    I'll document that in the codex.

  3. mhulse
    Posted 4 years ago #

    Thanks Ipstenu! I really appreciate the help. :)

    I am finding that there's a ton of articles on the net about how to secure a WP site, but not as many that are specific to a WP multisite install.

    Anyway, thanks a billion for all of your pro help! You rock!!!! :D
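Added example (not part of the thread and not WordPress code): a simplified Python model of how the rules in the first post are evaluated, showing why `wp-includes/ms-files.php` gets a 403 and what removing that one rule also unblocks. The request paths are constructed samples, and `evaluate` and `without_rule` are hypothetical helper names.

```python
import re

# Rules from the first post as (pattern, flags). Every rule uses "-"
# (no substitution), so only the pattern and the flags matter here.
PHP_RULE = r"^wp-includes/[^/]+\.php$"
RULES = [
    (r"^wp-admin/includes/", "F,L"),
    (r"!^wp-includes/", "S=3"),
    (PHP_RULE, "F,L"),
    (r"^wp-includes/js/tinymce/langs/.+\.php", "F,L"),
    (r"^wp-includes/theme-compat/", "F,L"),
]

def evaluate(path, rules=RULES):
    """Return 403 if a rule carrying the F flag matches, otherwise 200.

    Simplified per-directory mod_rewrite model: the path is matched without
    its leading slash, a leading "!" negates the pattern, and S=n skips the
    next n rules.
    """
    path = path.lstrip("/")
    i = 0
    while i < len(rules):
        pattern, flags = rules[i]
        negate = pattern.startswith("!")
        matched = bool(re.search(pattern.lstrip("!"), path)) != negate
        i += 1
        if not matched:
            continue
        for flag in flags.split(","):
            if flag == "F":
                return 403
            if flag.startswith("S="):
                i += int(flag[2:])
    return 200

def without_rule(pattern):
    """Rule set with one rule dropped. S= counts rules, so the skip is
    lowered from 3 to 2 to keep it from running past the block."""
    kept = [r for r in RULES if r[0] != pattern]
    return [(p, "S=2") if f == "S=3" else (p, f) for p, f in kept]

if __name__ == "__main__":
    # Constructed sample request paths.
    for p in ["wp-includes/ms-files.php", "wp-includes/load.php",
              "wp-includes/theme-compat/header.php",
              "wp-content/uploads/photo.jpg"]:
        print(p, evaluate(p), evaluate(p, without_rule(PHP_RULE)))
```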

