Also:
- add to wp-config
//DISABLES FILE EDITING
define('DISALLOW_FILE_EDIT', true);
- delete these files:
(root)/readme.html [info about site]
(root)/wp-admin/install.php [could be executed if connection to database is cut]
#PROTECT HTACCESS FILE
<Files .htaccess>
order allow,deny
deny from all
</Files>

#BLOCK INCLUDE ONLY FILES
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]

#SECURE WP-CONFIG.PHP
<Files wp-config.php>
Order Deny,Allow
Deny from all
</Files>

#CANONICAL FAVICONS – believe it or not a common point of attack
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^/favicon\.ico$ [NC]
RewriteCond %{REQUEST_URI} /favicon(s)?\.?(gif|ico|jpe?g?|png)?$ [NC]
RewriteRule (.*) http://example.com/favicon.ico [R=301,L]

# BEGIN WordPress
RewriteEngine On
RewriteBase /dialog/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /dialog/index.php [L]
# END WordPress
The last section is standard WordPress once permalinks have been activated.
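
An added example, not part of the original comment: a POSIX shell function that audits a WordPress root for the items above (DISALLOW_FILE_EDIT, the two files to delete, <Files> blocks for .htaccess and wp-config.php, and typographic dashes pasted into RewriteRule lines). The function names and messages are this example's own, and the WordPress root path is whatever you pass as the first argument.

```shell
#!/bin/sh
# Added example (not from the original page): audit a WordPress root for the
# hardening items listed above. Function names and messages are hypothetical.

findings=0
note() { echo "FINDING: $1"; findings=$((findings + 1)); }

# True if the .htaccess at $1 has a <Files> container for the filename ERE $2.
# Only the container is checked, not the directives inside it.
has_files_block() {
    grep -Eiq "^[[:space:]]*<Files[[:space:]]+\"?$2\"?[[:space:]]*>" "$1" 2>/dev/null
}

# Prints one line per finding; the return status is the number of findings.
wp_hardening_audit() {
    root=$1
    findings=0

    # DISALLOW_FILE_EDIT must be defined with straight ASCII quotes; curly
    # quotes pasted from a web page do not define the intended constant.
    if ! grep -Eq "^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)" \
            "$root/wp-config.php" 2>/dev/null; then
        note "wp-config.php does not define DISALLOW_FILE_EDIT as true"
    fi

    # Files the page says to delete.
    for f in readme.html wp-admin/install.php; do
        if [ -e "$root/$f" ]; then note "$f is still present"; fi
    done

    # .htaccess should deny direct requests for itself and for wp-config.php.
    if ! has_files_block "$root/.htaccess" '\.htaccess'; then
        note ".htaccess has no <Files .htaccess> block"
    fi
    if ! has_files_block "$root/.htaccess" 'wp-config\.php'; then
        note ".htaccess has no <Files wp-config.php> block"
    fi

    # An en dash where RewriteRule expects "-" is a copy-paste artifact.
    if grep -q '^[[:space:]]*RewriteRule.*–' "$root/.htaccess" 2>/dev/null; then
        note ".htaccess has a typographic dash in a RewriteRule line"
    fi

    return "$findings"
}
```

Source the file and call `wp_hardening_audit /path/to/wordpress`; a return status of 0 means none of the checks fired.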