Skip to content
Ensure that hidden (dot) files (such as .git) cannot be accessed on your Wordpress site
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

Wordpress - Protect Hidden Files

A simple Wordpress plugin that prevents access to hidden (dot) files (such as the .git directory) on your website. Simply install the plugin and activate - you're good to go!

This plugin was developed primarily in response to the great work by Vladimir Smitka. You can check out his website here:


Currently, the quickest method of installing is to download a zip file of this repository and upload it to your Wordpress installation as a new plugin. Once installed, just activate it to prevent access to hidden files.

How does it work?

This plugin automatically generates and implements the following .htaccess rules for your Wordpress installation. Using a plugin for this ensures that the rules aren't accidently removed.

# Scaffold - Protect Hidden Files
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule "(^|/)\.(?!well-known\/)" - [F]
You can’t perform that action at this time.