Permalink
Find file
Fetching contributors…
Cannot retrieve contributors at this time
70 lines (55 sloc) 1.96 KB
# WordPress will use these "BEGIN" and "END" lines if you include them
# http://www.netmagazine.com/tutorials/protect-your-wordpress-site-htaccess
# BEGIN WordPress
# END WordPress
# Block browsing access to the include-only files
# http://codex.wordpress.org/Hardening_WordPress#Securing_wp-includes
RewriteEngine On
RewriteBase /
RewriteRule ^wordpress/wp-admin/includes/ - [F,L]
RewriteRule !^wordpress/wp-includes/ - [S=3]
RewriteRule ^wordpress/wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wordpress/wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wordpress/wp-includes/theme-compat/ - [F,L]
# Protect .htaccess files
# http://www.netmagazine.com/tutorials/protect-your-wordpress-site-htaccess
<Files ~ "^.*\.([Hh][Tt][Aa][Cc])">
order allow,deny
deny from all
satisfy all
</Files>
# Protect wp-config.php
# http://halfelf.org/2013/false-security/
<Files wp-config.php>
order allow,deny
deny from all
</Files>
# Block directory browsing, access to "hidden" directories,
# and access to backup and source files
# https://github.com/h5bp/html5-boilerplate/blob/master/.htaccess
<IfModule mod_autoindex.c>
Options -Indexes
</IfModule>
<IfModule mod_rewrite.c>
RewriteCond %{SCRIPT_FILENAME} -d [OR]
RewriteCond %{SCRIPT_FILENAME} -f
RewriteRule "(^|/)\." - [F]
</IfModule>
<FilesMatch "(^#.*#|\.(bak|config|dist|fla|inc|ini|log|psd|sh|sql|sw[op])|~)$">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
#
# More .htaccess addons to consider:
#
# Roots Theme version of the HTML5 Boilerplate .htaccess
# https://github.com/retlehs/roots
# Jeff Starr's 5G Blacklist 2013
# http://perishablepress.com/5g-blacklist-2013/
# Limit Dashboard access by IP
# http://www.netmagazine.com/tutorials/protect-your-wordpress-site-htaccess
# Require a second credential to access the Dashboard
# http://blog.sucuri.net/2012/07/wordpress-and-server-hardening-taking-security-to-another-level.html
# http://build.codepoet.com/2012/07/10/locking-down-wordpress/
#