Securing wp-includes

  • I am a WP newbie. Great system, and fabulous support and community, many thanks to all.

    I am trying to diligently apply all suggestions from the Codex section “Hardening WordPress”.
    I have some difficulties with the section “Securing wp-includes”. The suggestion is to add the following lines to .htaccess.

    # Block the include-only files.
    RewriteEngine On
    RewriteBase /
    RewriteRule ^wp-admin/includes/ - [F,L]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]

    First of all, I am not sure I understand everything the code is supposed to do, but more importantly, should I add this to the .htaccess in the top-level directory or in the wp-includes directory itself?

    Help much appreciated, thanks!
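
The rule set quoted in the post, walked through as an added example (not part of the original post and not WordPress or Apache code). It is a simplified Python model of per-directory mod_rewrite that covers only what these five rules use (a negated pattern, the `-` substitution, and the F, L and S flags); the `evaluate` helper and the sample request paths are constructed for illustration.

```python
import re

# (pattern, forbidden, skip) for the five rules in the post; every rule uses
# "-" as its substitution, so none of them rewrites the URL.
RULES = [
    ("^wp-admin/includes/", True, 0),                       # [F,L]
    ("!^wp-includes/", False, 3),                           # [S=3]
    (r"^wp-includes/[^/]+\.php$", True, 0),                 # [F,L]
    (r"^wp-includes/js/tinymce/langs/.+\.php", True, 0),    # [F,L]
    ("^wp-includes/theme-compat/", True, 0),                # [F,L]
]


def evaluate(url_path, htaccess_dir="/"):
    """Return 403 if the rule set forbids url_path, else 200.

    Simplified model (assumption): in a .htaccess file the directory prefix
    is stripped from the path before the patterns are matched.
    """
    if not url_path.startswith(htaccess_dir):
        return 200  # this .htaccess is never consulted for the request
    relative = url_path[len(htaccess_dir):]
    i = 0
    while i < len(RULES):
        pattern, forbidden, skip = RULES[i]
        negate = pattern.startswith("!")
        matched = bool(re.search(pattern.lstrip("!"), relative)) != negate
        if matched and forbidden:
            return 403  # F: answer 403 Forbidden, L: stop processing
        i += 1 + (skip if matched else 0)  # S=n: jump over the next n rules
    return 200


# Constructed sample request paths.
SAMPLES = [
    "/wp-includes/version.php",
    "/wp-includes/js/jquery/jquery.js",
    "/wp-includes/js/tinymce/langs/wp-langs.php",
    "/wp-includes/theme-compat/header.php",
    "/wp-admin/includes/file.php",
    "/wp-login.php",
]

if __name__ == "__main__":
    for path in SAMPLES:
        print(evaluate(path), evaluate(path, "/wp-includes/"), path)
```

The first column is the result with the rules in the top-level .htaccess, the second with the same rules in wp-includes/.htaccess, where the `wp-includes/` prefix is already stripped and the `[S=3]` rule skips every block.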
