This article talks about tips on securing a WP site:
On my server, via WordPress multi-site setup, I found that this code:
RewriteEngine On RewriteBase / RewriteRule ^wp-admin/includes/ - [F,L] RewriteRule !^wp-includes/ - [S=3] RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] RewriteRule ^wp-includes/theme-compat/ - [F,L]
Generates a 403 Forbidden when I try to access the image here:
… which appears to be a rewrite for this url:
When I comment out this line:
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
The image is accessible.
Any tips on how to fix? 🙂
- The topic ‘Hardening WordPress: Securing wp-includes’ is closed to new replies.