From bb16c54a21dff0cc9efef4f10b7ef65a0b5a6e5b Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Thu, 26 Aug 2021 15:39:19 +0100
Subject: [PATCH] Harden htaccess for /wp-includes/ direct access

---
 docker/htaccess | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/docker/htaccess b/docker/htaccess
index d891492c..ddf02818 100644
--- a/docker/htaccess
+++ b/docker/htaccess
@@ -27,6 +27,13 @@ RewriteRule ^gallery/[0-9]+/(.*)$  wp-includes/ms-files.php?file=2010/08/$1 [L]
 RewriteRule ^resource/[^/]+/preview/(.*)$ wp-includes/ms-files.php?file=2010/08/$1 [L]
 RewriteRule ^resource/[^/]+/download/(.*)$ wp-includes/ms-files.php?file=2010/08/$1 [L]
 
+# hardening of wp-includes
+RewriteRule ^wp-admin/includes/ - [F,L]
+RewriteRule !^wp-includes/ - [S=3]
+RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
+RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
+RewriteRule ^wp-includes/theme-compat/ - [F,L]
+
 # BEGIN WPSuperCache
 <IfModule mod_rewrite.c>
 AddDefaultCharset UTF-8
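Review bot: The added rule `RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]` looks like it will also reject the `gallery/` and `resource/` rewrites in the context lines just above it, since they all target `wp-includes/ms-files.php`. If this file is deployed as a per-directory `.htaccess` (the file name suggests so, but the hunk does not show it), a rewrite ending in `[L]` causes an internal redirect and the rule set runs again on the rewritten path, so those URLs would reach the new rule and return 403. Limiting the rule to the initial request keeps direct access to the PHP files blocked while letting the internal rewrite through: add `RewriteCond %{ENV:REDIRECT_STATUS} ^$` on the line before it; a condition does not count toward `S=3`. The skip count is also easy to break when a rule is added or removed, so a comment such as `# S=3 skips the three wp-includes rules below; keep the count in sync` would help.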
-- 
GitLab