Hello Guys,
I recently discovered a significant security concern on one of my websites: https://sofatinfertility.com/. It turns out that the WP-includes files are publicly accessible, which poses a serious security risk. Hackers can exploit this vulnerability through SQL injection or other malicious attacks.
To prevent this, I'll add the following code to my .htaccess file.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^wp-includes/ - [F,L]
</IfModule>

User-agent: *
Disallow: /wp-includes/
Is this the safest method, or do I have to do more things?
The code you have mentioned is a good step to prevent wp-includes/ from public access. I will suggest you block direct HTTP access to the wp-includes directory by RewriteRule ^wp-includes/ - [F,L]. You can also use a robots.txt directive to tell search engines not to index these files by using this code: Disallow: /wp-includes/
Locking down the wp-includes directory that you mentioned is a good step to prevent public access. For additional security, use the rule RewriteRule ^wp-includes/ - [F,L] to prevent direct HTTP access to the wp-includes directory. Furthermore, you may also use a robots.txt directive to prevent search engines from indexing these files.
You’ve made a good start by changing your .htaccess file. To make your website even safer, you should also add rules to block direct access to important files like wp-config.php and the .htaccess file itself. It's also important to keep an eye on your site and update it regularly to keep it safe.
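An added example, not part of the thread and not any poster's code: the blanket rule from the question set beside a narrower rule set that follows the pattern in WordPress's own hardening documentation, plus the per-file blocks the last reply suggests. It assumes a single-site install on Apache 2.4 with mod_rewrite, and that AllowOverride permits these directives in .htaccess.

```apache
# Constructed example. Place it in the site-root .htaccess, outside the
# "# BEGIN WordPress" / "# END WordPress" markers, which WordPress rewrites.

# Weak: the blanket rule from the question. It also returns 403 for the
# scripts and stylesheets under wp-includes/js/ and wp-includes/css/ that
# every page loads in the visitor's browser.
#   RewriteRule ^wp-includes/ - [F,L]

# Narrower: refuse direct requests for include-only PHP files and leave
# the static assets reachable.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^wp-admin/includes/ - [F,L]
    # Request is not under wp-includes/: skip the next three rules.
    RewriteRule !^wp-includes/ - [S=3]
    # On Multisite this rule also blocks wp-includes/ms-files.php; drop it there.
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

# Files named in the last reply: deny all HTTP access (Apache 2.4 syntax).
<Files "wp-config.php">
    Require all denied
</Files>
<Files ".htaccess">
    Require all denied
</Files>

# Turn off automatic directory listings.
Options -Indexes

# "User-agent" and "Disallow" are robots.txt lines, not Apache directives.
# Inside .htaccess Apache rejects them as invalid commands and every request
# fails with a 500 error. They belong in /robots.txt, which only advises
# crawlers and does not restrict access.
```

To check the result, request /wp-includes/version.php and expect 403, then confirm /wp-includes/js/jquery/jquery.min.js still returns 200.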
(03) 9543 7566
Unit 33 15 Ricketts Rd, Mount Waverley VIC 3149.