Disable PHP execution in WordPress `wp-includes` directory
PHP Files inside the wp-includes directory are not meant to be accessed directly. Enhance security of your WordPress site by disabling access to these PHP files. Create another htaccess file inside the wp-includes directory and paste the following code into it, but only this code. There is no need for anything like we put in the main htaccess file.
<Files *.php>
deny from all
</Files>
Disable Image Hot-Linking – protect your content
If you are running a website with lots of images, other users might hog your bandwidth by hot-linking to your content. This can slow down your website in addition to increasing your bandwidth consumption. The following code snippet will stop others from hot-linking to your image content. Replace `yourdomain.com` with your specific domain.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?feeds.feedburner.com/layerpoint [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
That is the end of our enhancements to secure and speed up your WordPress installation. Should you have a question, feel free to leave a comment or get hold of us via email.