I'm try to harden my WordPressa installing and am now at the point where I'm placing htaccess files outside of the root directory to improve security.
I have placed the following code in my wp-content/uploads and wp-content/includes folders, and all is well:
<Files *.php> deny from all </Files>
The problem is when I place the following as an .htaccess file in the wp-content folder:
Order deny,allow Deny from all <Files ~ ".(xml|css|jpe?g|png|gif|js)$"> Allow from all </Files>
When I try to view my blog page with snippits and thumbnail images, the thumbnail images don't show themselves and the alt text is visible.
You can see the issue here. It seems strange as the images are jpegs, which are being allowed through the htaccess rules in wp-content, but the thumbnail won't show unless I remove the code.
Any ideas would be great at this point.