You can secure your wp-includes
folder too. None of the scripts in that folder have any reason to be accessed by any user. One method to restrict access to the wp-includes
scripts is to use the mod_rewrite
Apache module. The following code is taken from the WordPress Codex; it's what I always use in the .htaccess
file in the root of my websites. Edit your main .htaccess
file as we did before with FileZilla. The "main" .htaccess
file is the one that sits in the root of your web doc's folder, or where you see the wp-config.php
file. Enter the following code immediately before the #BEGIN WordPress
line or immediately after the #END WordPress
line.
# Block the include-only files. RewriteEngine On RewriteBase / RewriteRule ^wp-admin/includes/ - [F,L] RewriteRule !^wp-includes/ - [S=3] RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] RewriteRule ^wp-includes/theme-compat/ - [F,L]
Once you've added that code to your main .htaccess
file, save it and re-upload...