Presently I'm working on configuring security options for my website. Obviously, the best way to go about this is to use htaccess in combined with other things. The .htaccess problem is stalling my efforts however.
I use git to deploy my wordpress installation. As such, I also clone the stable version of wordpress. I don't modify this, I do all the work outside of the submodule directory.
My problem is this: since I don't modify the wordpress installation files themselves I can't just delete the install.php file. As such, I want to prevent access to it by blocking it using .htaccess. In my top-level directory I have a .htaccess file that has a segment like below:
<files install.php> order allow, deny deny from all </files>
The purpose was to block all outside access to install.php at all costs. That way if my database went down for some reason some malicious person couldn't re-run the install script.
Now when I try to visit the site home page I get a 500 error. Upon commenting out that section I don't get a 500 error anymore. All of the wordpress generated .htaccess code seems to work fine. Just when I include my own it breaks.
Why is this, and more to the point, how do I fix it? Thank you!