k-isabelle
5/31/2018 - 4:29 PM
Prevent Direct Access to Theme/Plugin Files
Mike Jolley - Keeping your shit secure: https://mikejolley.com/2013/08/13/keeping-your-shit-secure-whilst-developing-for-wordpress/
Acunetix - Top Tips to Prevent a WordPress hack: https://www.acunetix.com/websitesecurity/preventing-wordpress-hack/
# Restrict direct access to PHP files from theme or plugin directories
# Place in root .htaccess file
# Restrict direct access to PHP files from plugin directories
RewriteCond %{REQUEST_URI} !^/wp-content/plugins/file/to/exclude\.php
RewriteCond %{REQUEST_URI} !^/wp-content/plugins/directory/to/exclude/
RewriteRule wp-content/plugins/(.*\.php)$ - [R=404,L]
# Restrict direct access to PHP files from theme directories
RewriteCond %{REQUEST_URI} !^/wp-content/themes/file/to/exclude\.php
RewriteCond %{REQUEST_URI} !^/wp-content/themes/directory/to/exclude/
RewriteRule wp-content/themes/(.*\.php)$ - [R=404,L]// Prevent Direct Access to Theme/Plugin files
// Place at the top of your theme or plugin files
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly