Add Another Layer of Security to Your WordPress Site with These Codes


WordPress has added another layer of security for our blogs, but there’s a little more we have to do in order for it to become operational. Follow these instructions to add the code to your WordPress site.

Add Code to Your .htaccess File

When you make changes to your .htaccess file, it is important that you add the code at the top of the file, before the # BEGIN WordPress notation.

Anything written between the # BEGIN WordPress and # END WordPress tags will be overwritten by a WordPress update.

Securing the wp-config.php File

To deny access to anyone searching for your wp-config.php file, copy and paste the following code at the very top of your .htaccess file, before the # BEGIN WordPress tag. (You will still be able to access it yourself through cPanel or the FileZilla FTP tool.)

<Files wp-config.php>
order allow,deny
deny from all
</Files>

Securing the wp-includes File

If you are the only one who has permission to change scripts on your WordPress site, block access to those scripts using mod_rewrite. Copy and paste the following code after the wp-config.php code shown above and before the # BEGIN WordPress tag.

# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

If you have a WordPress Multisite or Network, the line RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] would prevent the ms-files.php file from generating images. Delete that line; the code will still work but with less security.
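To see which requests these rules refuse, the following added example (not part of the original post) replays the rule set in Python over constructed request paths. It models only the F and S flags, and its Multisite variant also lowers S=3 to S=2 so the skip count matches the rules that remain, an adjustment the post does not mention.

```python
import re

# The post's rules as (pattern, flags), in file order.
RULES = [
    (r"^wp-admin/includes/", "F,L"),
    (r"!^wp-includes/", "S=3"),
    (r"^wp-includes/[^/]+\.php$", "F,L"),
    (r"^wp-includes/js/tinymce/langs/.+\.php", "F,L"),
    (r"^wp-includes/theme-compat/", "F,L"),
]
# Multisite variant: the top-level *.php rule removed. Assumption of this
# example: S=3 becomes S=2 so the skip covers exactly the two rules left.
MULTISITE_RULES = [RULES[0], (r"!^wp-includes/", "S=2"), RULES[3], RULES[4]]

def status_for(path, rules=RULES):
    """Return 403 if the rules forbid the path, else 200 (not blocked here)."""
    path = path.lstrip("/")  # .htaccess rules see the path without a leading slash
    skip = 0
    for pattern, flags in rules:
        if skip:                      # still inside an [S=n] skip
            skip -= 1
            continue
        negate = pattern.startswith("!")
        matched = re.search(pattern[1:] if negate else pattern, path) is not None
        if matched == negate:         # rule does not apply to this path
            continue
        for flag in flags.split(","):
            if flag == "F":           # Forbidden: answer 403 and stop
                return 403
            if flag.startswith("S="):
                skip = int(flag[2:])  # jump over the next n rules
    return 200

# Constructed sample request paths (not taken from any real site).
SAMPLES = [
    "/wp-admin/includes/file.php",
    "/wp-includes/version.php",
    "/wp-includes/ms-files.php",
    "/wp-includes/js/jquery/jquery.js",
    "/wp-includes/js/tinymce/langs/wp-langs.php",
    "/wp-includes/theme-compat/header.php",
    "/wp-login.php",
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p:45} single={status_for(p)} multisite={status_for(p, MULTISITE_RULES)}")
```

The two columns differ only for PHP files directly inside wp-includes/, which is the protection a Multisite install gives up by deleting that line.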

Add Code to Your wp-config.php File

If a hacker has managed to log in to your WordPress admin, protect your PHP files, such as plugin or theme files, by adding the following code to your wp-config.php file. It prevents all users from editing those files in the WordPress admin.

define('DISALLOW_FILE_EDIT', true);

I know from experience that getting hacked is a nightmare. Protect your WordPress site with other security measures discussed in our How to Secure Your WordPress Site series:

Add Another Layer of Security to Your WordPress Site with These Codes
Increase WordPress Security with Unique Keys and Salts


Hardening WordPress from
