Home » Tutorial » How to Secure Wp-includes Folder

How to Secure Wp-includes Folder


You can secure your wp-includes folder too. None of the scripts in that folder have any reason to be accessed directly by any user. So, hardening WordPress means you should block direct access to resources inside wp-includes folder.

One way to do that is to block those scripts using mod_rewrite in the .htaccess file. The following code is taken from a WordPress support article.

Of course, place it outside the # BEGIN WordPress and # END WordPress tags in the .htaccess file. Otherwise, they will be overwritten by WordPress itself.

# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]

This will keep your WordPress website more secure.

Read more from Tutorial

Written by:

Morshed Alam
A teacher by profession, a traveler by passion and a netizen by choice.

Have you written on ThoughtMight?Write Today

Leave a Comment

Your email address will not be published. Required fields are marked *