Have gone through many webpages about securing a wordpress site.
Applied many security steps like preventing directory listing, protecting .htaccess etc etc.
But I havent applied "Password Protecting a Directory with .htaccess" method which I um confused.
Which directory should I protect or is recommended? wp-admin, wp-content, and wp-includes?
Some site recommends to protect the wp-admin directory only, other recommends to protect the wp-includes only :S Some sites says that you can password protect all the directory !
If I allow user registration to visitors than I should not password protect my wp-admin directory. I am clear with that.
My site is going to be an ecommerce site which will not have any user registration. Visitor will enter and simply will buy the product. So which directories are recommended to protect using apache pasword protection? And Are there any harms in protecting the specific file wp-config.php? And what does the "RewriteRule ^(wp-includes)\/.*$ ./ [NC,R=301,L]" in .httacess will do?
Any help would be greatly appreciated.