Home » Tutorial » How to Secure Wp-includes Folder

How to Secure Wp-includes Folder

secure
Morshed Alam Updated

You can secure your wp-includes folder too. None of the scripts in that folder have any reason to be accessed directly by any user. So, hardening WordPress means you should block direct access to resources inside wp-includes folder.

One way to do that is to block those scripts using mod_rewrite in the .htaccess file. The following code is taken from a WordPress support article.

Of course, place it outside the # BEGIN WordPress and # END WordPress tags in the .htaccess file. Otherwise, they will be overwritten by WordPress itself.

# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

This will keep your WordPress website more secure.

Read more from Tutorial

Written by:

Morshed Alam
A teacher by profession, a traveler by passion and a netizen by choice.

Have you written on ThoughtMight?Write Today



Leave a Comment

Your email address will not be published. Required fields are marked *

Also Read

WordPress Search for Author

How to Include Author Name in WordPress Search Result

limited access no internet access

Fix WiFi Limited Access No Internet Access in Windows

MailPoet

How to Remove MailPoet CSS

Redirect WordPress Page

How to Create Custom Registration URL in WordPress without Plugin

How to Fix Updraftplus Error: Waiting until Scheduled Time to Retry because of Errors

Fix Updraftplus Waiting until Scheduled Time to Retry because of Errors

hide some categories

Hide Some Categories in Post Editor and Quick Edit