WordPress Themes and WordPress Plugin is the most enhanced method that we can do easily and quickly. But for some reason there are hacker or BAD HABITS from netter, their tried to do something weird on our WordPress website.
Cheryl Cole - Beautiful Security on WordPress Plugins Files
On today tricks we’ll show you how to secure our plugins files using .htaccess. You only need to put on this code on your .htaccess
<Files ~ ".(js|css)$"> order allow,deny allow from all </Files>
After you put this code, you are done. But for prepare for worst condition, please Don’t forget to backup the file before edition!. This tricks will show you how to prevent direct access to plugin files.
Thanks for WP Recipes & Greg Winiarski
Pingback: Tweets that mention Tiny Tips to Secure your Plugins #tricks #htaccess #plugins #security -- Topsy.com
After viewing this snippet it didn’t make sense to me and then I went to WP Recipes and saw why it didn’t make sense.
1. allow from all – doesn’t block anything.
2. not sure why you would block all .css & .js files from the end user or how static .css & .js files can be harmful. I think what you would want to block is direct access to plugin .php files.
I think Arne’s solution when placed in the plugins directory would be the best.
Order Allow,Deny
Deny from all
Satisfy all
Also, here is a good link for a .htaccess cheat-sheet I found through Google.
http://www.thejackol.com/htaccess-cheatsheet/