.htaccess – Question regarding mod_rewrite…

Hi Guys, I’ve had a look to see if this has been covered elsewhere, which I am guessing it has. My apologies if I’m rehashing something already covered.

We’re about to go live with a new site and I’m going through the steps for hardening WordPress. I’m following steps to add security to wp-includes, which adds some lines to .htaccess to block scripts using mod_rewrite.

The page/section I’m referring to: http://codex.wordpress.org/Hardening_WordPress#Securing_wp-includes

This isn’t my area of expertise, so when I edit .htaccess and see that S2Member has some instructions already there referring to mod_rewrite I’m not sure if adding WP’s suggested lines will interfere with it or not. Or if not, whether it’s better to stack them in a particular order, or if it doesn’t matter. Would you be able to provide any advice for me?

If it makes any difference, the site has both paid membership and a shopping cart with digital downloads (handled by another plugin). It’s not a multisite.

For reference, the S2Member lines are:

# BEGIN s2Member GZIP exclusions

RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} (^|?|&)s2member_file_download=.+ [OR]
RewriteCond %{QUERY_STRING} (^|?|&)no-gzip=1
RewriteRule .* – [E=no-gzip:1]

# END s2Member GZIP exclusions

And the WP lines from the above link are:

# Block the include-only files.
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ – [F,L]
RewriteRule !^wp-includes/ – [S=3]
RewriteRule ^wp-includes/[^/]+.php$ – [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+.php – [F,L]
RewriteRule ^wp-includes/theme-compat/ – [F,L]

bump :)

Thank you for your inquiry.

Sorry for the delay in response.

This isn’t my area of expertise, so when I edit .htaccess and see that S2Member has some instructions already there referring to mod_rewrite I’m not sure if adding WP’s suggested lines will interfere with it or not. Or if not, whether it’s better to stack them in a particular order, or if it doesn’t matter. Would you be able to provide any advice for me?

No this code will not interfere with s2Member’s. You can put WordPress’s htaccess rules above or below s2Member’s, it won’t matter. s2Member is only attempting to disable GZip through htaccess rules, so it doesn’t affect anything here.

Hi Bruce,

Thanks for that, very much appreciated!