Revisiting the htaccess file
In case you were asleep, we've so far used htaccess files for some cunningly clever stuff:
Adding an authentication layer to wp-admin
Protecting the wp-content and wp-includes directories
Preventing directory browsing
Cloaking the wp-login.php page
Denying access to the wp-config.php file
There's a shed load more we can do with htaccess. We'll focus on its security functions.
Note
You can have an htaccess file in any folder to set rules for that directory tree. Or, specify files or sub-folders from the htaccess file in the WordPress root directory. Sub-folders can override those rules in their own htaccess files.
Got root user access? Use the httpd.conf file instead for faster page loads.
Blocking comment spam
This won't prevent all the junk, but it sure helps with the bot-automated variety:
#kill spam, and swear at it too
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*somesite.com.* [OR]
RewriteCond %{HTTP_USER_AGENT...
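To see what the referer condition would catch before switching it on, the complete conditions in the rule above can be replayed over an access log. This is an added example, not code from the book; it assumes Apache's combined log format, runs on constructed log lines, and leaves out the user-agent condition because it is cut off in the rule above.

```python
import re
from collections import Counter

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<uri>\S+)[^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Patterns copied from the rule on the page; somesite.com is its placeholder domain.
URI_PATTERN = re.compile(r".wp-comments-post\.php*")
REFERER_PATTERN = re.compile(r".*somesite.com.*")


def rule_would_match(method, uri, referer):
    """Mirror the three complete conditions: POST, comment handler, off-site referer."""
    if referer == "-":  # Apache logs an absent Referer header as "-"
        referer = ""
    return (
        method == "POST"
        and URI_PATTERN.search(uri) is not None
        and REFERER_PATTERN.search(referer) is None
    )


def audit(lines):
    """Return the log entries the rule would act on, plus a per-IP tally."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and rule_would_match(m["method"], m["uri"], m["referer"]):
            hits.append((m["ip"], m["referer"], m["agent"]))
    return hits, Counter(ip for ip, _, _ in hits)


# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE = [
    '203.0.113.5 - - [10/Oct/2011:13:55:36 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 - "http://somesite.com/hello-world/" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2011:13:56:01 +0000] "POST /wp-comments-post.php HTTP/1.0" 302 - "-" "-"',
    '198.51.100.7 - - [10/Oct/2011:13:56:02 +0000] "POST /wp-comments-post.php HTTP/1.0" 302 - "http://other.example/" "-"',
    '192.0.2.9 - - [10/Oct/2011:13:57:10 +0000] "GET /hello-world/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Oct/2011:13:58:10 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 - "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits, per_ip = audit(SAMPLE)
    for ip, referer, agent in hits:
        print(f"would match: {ip} referer={referer!r} agent={agent!r}")
    print("per IP:", per_ip.most_common())
```

A request with no Referer header matches the rule, so commenters whose browser or proxy strips that header appear in the output alongside the bots; review the per-IP tally for them before deploying the rule.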