nemo-maritime: You don’t want to block access to those, because sometimes your site needs to get in there, into specific files. Some plugins do the same thing.
If you mean how do I block the indexes, so that you can’t see what plugins I actually have, then all you have to do is to add Options -Indexes to the top of your main .htaccess file.
Ok, sorry for being so paranoid and all, I might have read too many WP blog security articles, but I was just concerned that if I didnt block them off there could be a big security risk, and most of them said that wp-includes and wp-content should be blocked off. Just being cautious, dont want to be hacked I guess. But thank you for the code provided, that is the main thing I was looking for as when I visited your nice sites wp-includes and such files, it gave me an error. That is what I was looking for so I will try it soon. All I do is put the code you provided on the top of the main .htaccess? I think you pretty much addressed my concerns. Thank you for all of your help.
One more question. I had a blog I was updating from 2.5 to 2.7, do I just ignore the security key in there and get a new one for 2.7? Or am I supposed to use the one in 2.5
You can replace the key’s with new ones at any time. It won’t affect anything, it will just make you “logged out” temporarily, until you log back in.
Just go here: http://api.wordpress.org/secret-key/1.1/
Then copy and paste that random set of keys into your wp-config file, replacing the old ones.
