How to secure wp-includes folder

You can secure your wp-includes folder too. No user has any reason to access the scripts in that folder directly, so hardening WordPress means blocking direct access to resources inside the wp-includes folder.

One way to do that is to block those scripts using mod_rewrite in the .htaccess file. The following code is taken from a WordPress support article.

Place it outside the # BEGIN WordPress and # END WordPress markers in the .htaccess file. Otherwise WordPress itself will overwrite the rules.

# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

This will keep your WordPress website more secure.

A teacher by profession, a traveler by passion and a netizen by choice.

Morshed Alam
