Harden htaccess for /wp-includes/ direct access

docker/htaccess

@@ -27,6 +27,13 @@ RewriteRule ^gallery/[0-9]+/(.*)$  wp-includes/ms-files.php?file=2010/08/$1 [L]
 RewriteRule ^resource/[^/]+/preview/(.*)$ wp-includes/ms-files.php?file=2010/08/$1 [L]
 RewriteRule ^resource/[^/]+/download/(.*)$ wp-includes/ms-files.php?file=2010/08/$1 [L]
 
+# hardening of wp-includes (with the exception of ms-files.php, the WP multisite file server).
+RewriteRule ^wp-admin/includes/ - [F,L]
+RewriteRule !^wp-includes/ - [S=2]
+RewriteCond $0 !^wp-includes/ms-files\.php$
+RewriteRule ^wp-includes/.+\.php(/|$) - [F,L]
+RewriteRule ^wp-includes/theme-compat/ - [F,L]
+
 # BEGIN WPSuperCache
 <IfModule mod_rewrite.c>
 AddDefaultCharset UTF-8
@@ -66,6 +73,8 @@ RewriteRule ^(.*) "/wp-content/cache/supercache/%{HTTP_HOST}/%{HTTP:X-Forwarded-
 RewriteCond %{REQUEST_FILENAME} -f [OR]
 RewriteCond %{REQUEST_FILENAME} -d
 RewriteRule ^ - [L]
+RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
+RewriteRule ^(.*\.php)$ $1 [L]
 RewriteRule . index.php [L]
 # END WordPress