WordPress Security: Restrict wp-content and wp-includes on wordpress using htaccess

Today, blogging is really a keen medium of knowledge sharing, which is a boon to globalization. But WordPress Blogs have been really vulnerable for its resources. Blogs have too many loop holes in terms of the security, like directory listing, especially in a hosted environment.

There are a lot of plugins developed everyday, so as to harden the wordpress blog security. Since, plugins are itself installed on wordpress so that practice will not be effective. While on the other hand, configuring the htaccess file, which is found in the root or any other directory, lowers the vulnerability. It prevents many attacks including brute force attacks, directory listings, disclosure of sensitive information etc. on a website.

htaccess method is a bit complex method, hence improper usage and coding may break some third party plugins or theme templates. But, it is not that complex, a bit of guidance will significantly increase the security, for your blog or website.

Note: Before attempting any changes, kindly back-up your WordPress Files and Database, for quick restoration.

Below is Code to restrict access to wp-content and wp-includes directories.

   1: Order Allow,Deny

   2: Deny from all

   3: <Files ~ "\.(css|jpe?g|png|gif|js)$">

   4:  Allow from all

   5: </Files>

Above code states, to deny access to directories and files except for images (jpg,gif,png), stylesheets (css) and javascripts (js), so that browser can fetch resources at the client side.

Put the above code snippet into your .htaccess file within the wp-content and wp-includes directories and save it.

And we are done, as we restricted the access to wp-content and wp-includes directories by configuring the .htaccess files individually under both directories.

For any queries or further assistance required, post comment as your feedback.