Securing wp-includes
-
I am a WP newbie. Great system, and fabulous support and community, many thanks to All.
I am trying to diligently apply all suggestions from Codex section “Hardening WordPress”.
I have some difficulties with section “Securing wp-includes”. Suggestion is to add following lines to .htaccess.# Block the include-only files.
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ – [F,L]
RewriteRule !^wp-includes/ – [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ – [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php – [F,L]
RewriteRule ^wp-includes/theme-compat/ – [F,L]First of all I am not sure I understand all what the code is supposed to do, but more important, shall I add this to the .htaccess at the top level directory or into the wp-includes directory itself?
Help much appreciated, thanks!
- The topic ‘Securing wp-includes’ is closed to new replies.