Comments on: WordPress Security: Restrict wp-content and wp-includes on wordpress using htaccess

By: Cruz3N

Cruz3N — Sun, 23 May 2010 16:50:29 +0000

Nice trick Bro but i want to tell you, wordpress have some fatal error if we execute some files directly… For example:

yoursite.com/wp-settings.php
yoursite.com/wp-admin/admin-functions.php

And this is the lists that i already post on my blog
http://cruzenaldo.com/list-of-fatal-error-in-wordpress-292/

And to prevent that you can use some techniques with htaccess… Like

order allow,deny
deny from all

Order Allow,Deny
Deny from all

Thanks

By: Airbilder

Airbilder — Sun, 16 May 2010 19:42:33 +0000

Good method, thanks!

By: Okoth

Okoth — Mon, 12 Apr 2010 05:04:54 +0000

Your method will definitely make sure you cannot use the Visual editor anymore

Do you have a real solution to restrict access to wp-content and wp-includes AND that I can use ALL functions of WordPress?

By: Aky Joe

Aky Joe — Wed, 03 Mar 2010 07:08:31 +0000

Well, basically WordPress creates a .htaccess file by default, but it doesn’t configure it for tough security level. So you have take manual action in order to secure your content or sub directories.

By: pos monitoring

pos monitoring — Mon, 01 Mar 2010 00:56:40 +0000

i heard that it makes the files automatically? not sure if that’s true though

By: Aky Joe

Aky Joe — Fri, 19 Feb 2010 10:39:52 +0000

There isn’t a need to have so many passwords when one master password can fulfil the need, but still we bear to have different passwords for different accounts, as per our need and reliability. So, I don’t think there is a need to create 20 .htaccess files, when one can do the trick.

But, since wp-includes and wp-content might contain different resources for a blog to open, hence the need of creating two .htaccess file comes into role, so as to restrict the directories with there own directives.

By: TechOfWeb

TechOfWeb — Thu, 18 Feb 2010 19:46:39 +0000

create 20 htaccess files for preserving 20 folders. are you conform on this. I think a single htaccess is ok for a single web project

Atul

By: Aky Joe

Aky Joe — Thu, 18 Feb 2010 11:06:49 +0000

I appreciate your feedback for the assistance required.

Well, yes as I mentioned above in the article, we will have to create .htaccess files for as many different directories we need to protect. For instance, if you have 20 directories to protect, create 20 .htaccess files and located them separately in each directory, with 1:1 ratio.

By: Aky Joe

Aky Joe — Thu, 18 Feb 2010 10:13:34 +0000

I appreciate your concern towards the complexity of .htaccess file.

.htaccess stands for Hypertext Access file, hence, any mismatch of code or keyword will cause erroneous exceptions to rule over. So, for a novice user, I’ll suggest to backup a copy of htaccess as well as wordpress database.

By: Lee | Money4Invest

Lee | Money4Invest — Wed, 17 Feb 2010 03:51:56 +0000

I’m interested with this topic as I want to secure my Wp-content and Wp-includes on wordpress. I already have .htaccess file in the public_html folder. Should I create another 2 .htaccess files to be included in wp-content and wp-includes?