WordPress – prevent access to php files in wp-includes

on

Most wordpress php files are in directory wp-includes in wordpress root directory. This can be used by hackers to try to access these directly. This may lead to unnecessary errors in apache error log file also.

In case you are using WordPress with Apache, you can use the following configuration in apache conf file to prevent access to these php files.

RewriteEngine on
RewriteRule ^/wp-includes/[^/]*\.php$   - [L,R=403]

Or alternatively you can add the following to .htaccess

RewriteEngine on
RewriteRule ^wp-includes/[^/]*\.php$   - [R=403,L]

Now try to access url /wp-includes/class-wp.php. You should be able to see the following access denied page.
wordpress-protect-wp-includes-php-files-403

Suggested posts:

  1. How to list git branches
  2. Linux – find files containing specific text
  3. PHP sort associative array using custom compare function
  4. Using Google analytics SDK v2 for android app real time tracking
  5. How to zip/unzip a directory with password
  6. Disable directory listing in apache
  7. WordPress – get wpdb class method names
  8. Find which process is listening on a port on Linux
Share this article: share on facebook share on linkedin tweet this submit to reddit
Posted in | Tagged , , , , ,