After some banging around in mod_rewrite, I sorted out how to prevent prying fingers from directly executing PHP modules that are contained within the wp-content and wp-includes directories. With few exceptions, PHP modules in these directories should not be directly access by a browser client.
WordPress, mod_rewrite and mod_security
Being conscious of web security is sometimes a real pain in the you know what. I’m seeing some attempts to directly access some scripts on WordPress sites I maintain that should not be directly accessed. No harm is being done, but there are “500 Internal Server Error” results being generated that should instead be “403 […]