jagmitg
Reputation: 4546
Htaccess Block all php file in certain directories
I am trying to secure my wordpress site through htaccess - By blocking php files from folders.
Example:
- Deny all php files in wp-content
- Allow php files in in wp-admin and wp-includes
- On home directory, allow index.php and allow all files with wp and deny all.
So Far:
Deny wp-config.php
<files wp-config.php>
order allow,deny
deny from all
</files>
Run only certain files (but i cant get directory to work on this level)
Order deny,allow
Deny from all
<Files ~ ".(xml|css|jpe?g|png|gif|js)$">
Allow from all
</Files>
Upvotes: 2
Views: 1488
Answers (1)
anubhava
Reputation: 784868
You cannot match directories using Files directive.
Have these 2 rules as your very first rules in main WP .htaccess:
RewriteEngine On
RewriteRule ^/?wp-content/.+?\.php - [NC,F]
RewriteCond %{REQUEST_URI} !^/(index|wp.+?)\.php [NC]
RewriteRule ^/?[^./]+\.php - [NC,F]
Don't forget to remove all the Files blocks.
Upvotes: 2
Related Questions
- Block php files except in one directory
- htaccess deny access to all php files except specific one
- .htaccess deny php files from all except index
- Deny access to all PHP files in a directory using .htaccess
- Make php files under a certain directory unaccessible using htaccess
- .htaccess deny files in subfolders
- .htaccess deny access to just PHP files
- Block only directories using .htaccess
- How to block direct requests to php files in specified directory?
- .htaccess deny all except some directories