I’m trying to improve WordPress security via Firewall Rules. I found some useful tips for login and /wp-admin but now I’m trying to deploy right rule for /wp-includes
In Codex there is this for .htaccess:
# Block the include-only files.
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
My rule which I was testing is:
**Block** (http.request.uri.path contains "/wp-includes" and http.referer eq "mysite.com")
I didn’t found any issue yet, but maybe somebody will know what problems I can encounter with this. I’ll appreciate feedback and modifications. Thanks!