September 3, 2009

WordPress .htaccess hack fixes

Protect, kinda, your wordpress!

# Deny anybody wp-login access
RewriteCond %{REMOTE_ADDR} !my\.ip\.address\.xxx
RewriteCond %{THE_REQUEST} .wp-login\.php.*
RewriteRule .* - [F,L]

# Refuse access in wp-content directory except for the three files mentioned
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /wp-content/.*$ [NC]
RewriteCond %{REQUEST_FILENAME} !^.+flexible-upload-wp25js.php$
RewriteCond %{REQUEST_FILENAME} !^.+style.css.php$
RewriteCond %{REQUEST_FILENAME} !^.+wpsf-js.php$
RewriteCond %{REQUEST_FILENAME} ^.+\.(php|html|htm|txt|pdf)$
RewriteRule .* - [F,NS,L]

In .htaccess stuff

Wordpress .htaccess hack fixes

Leave a Reply
Cancel reply

© 2020 fixyourserver.com

Theme by Anders Norén