How to Restrict Access to WordPress Core PHP Files

How to Restrict Access to WordPress Core PHP Files

How to Restrict Access to WordPress Core PHP Files-: Do you want to restrict your core WordPress file so in case of attack hacker hand would not reach to your core file? Keep reading this Post you will get in-depth information on How to Restrict core WordPress File.

WordPress is one of the most popular CMS with over 35% of internet website are build on WordPress CMS at this time of writing this post. There other CMS like Squarespace, Joomla, Drupal etc but use by only fewer sites. WordPress is far ahead as compared to its competitor. Previously WordPress users to create a blog or website But now WordPress core code changed a lot as well as a massive ecosystem of plugins and theme, you can create any type of website with WordPress.

How to Restrict Access to WordPress Core PHP Files

As WordPress is more popular CMS, therefore, it is the main target for a hacker. As per Sucuri WordPress accounted for 90 per cent of all hacked CMS sites in 2018. WordPress is very secure by default itself most of the security breach occurs due to the use of theme and plugin from unauthorized sources. on WordPress Platform website security hardening means securing a website by reducing its surface of vulnerability. More use of theme and plugin, Showing directory or WordPress version provide a potential entry point to the hacker.

How to Restrict Access to WordPress Core PHP Files

Sucuri experts blamed most of the hacks on vulnerabilities in plugins and themes, misconfiguration issues, and a lack of maintenance by webmasters, who often forgot to update their CMS, themes, and plugins.

How to Restrict Access to WordPress Core PHP Files-:

Add the following code to your WordPress .htaccess files to restrict access to your WordPress Core PHP files so that hacker would not be able to inject any code. Below code are basically Rewrite Rule. Please take a backup of your .htaccess before making any changes.

RewriteCond %{REQUEST_URI} !^/wp-content/plugins/file/to/exclude\.php
RewriteCond %{REQUEST_URI} !^/wp-content/plugins/directory/to/exclude/
RewriteRule wp-content/plugins/(.*\.php)$ – [R=404,L]
RewriteCond %{REQUEST_URI} !^/wp-content/themes/file/to/exclude\.php
RewriteCond %{REQUEST_URI} !^/wp-content/themes/directory/to/exclude/
RewriteRule wp-content/themes/(.*\.php)$ – [R=404,L]

Conclusion-: In this post, I have tried in my best way to explain you to secure htaccess file with the most important file to secure your website. You can use a Plugin like Wordfence to keep watch on your WordPress website.

Thanks for reading…“Pardon my grammar, English is not my native tongue.”

If you like my work, Please Share on Social Media! You can Follow WP knol on Facebook, Twitter, Pinterest and YouTube for latest updates. You may Subscribe to WP Knol Newsletter to get latest updates via Email. You May also Continue Reading my Recent Posts Which Might Interest You.

About Amar Patel 263 Articles
Hi, I am Amar Patel from India. Founder, Author and Administrator of I am a Simple Average Man who Loves life and Love living life.Professionally I am a Mechanical Engineer. Apart from my Job, I Love to write the things around WordPress WordPress CMS.