Sometimes well-meaning security tweaks to your website can actually inhibit, or even outright kill, intended functionality. It is imperative that web developers understand what they are trying to achieve and the different ways to get there.
One such security tweak for WordPress is disabling PHP execution in the /wp-content/uploads directory. On Apache, this is achieved by adding an .htaccess file to the directory with the following rule (the Order directive takes its two keywords as a single comma-separated argument, with no space after the comma):

    <Files *.php>
    Order Allow,Deny
    Deny from all
    </Files>
However, I recently worked on a theme that implemented lazy loading for its images, and the above rule prevented the script from working. In place of images I got nice little 404 errors.
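Before dropping that rule into place, it is worth knowing what it will block. The following shell script is an added example, not part of the original post: it writes the deny rule in a form that works on both Apache 2.2 (Order/Deny) and 2.4 (Require), and then lists every PHP script that currently lives under the uploads directory, since each of those is either something a theme or plugin depends on (and the rule will break it, as with the lazy-loading case above) or something that should not be there at all. The directory paths and the sample uploads tree in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Audit an uploads directory
# before/after installing the "no PHP in uploads" rule.

# Write a deny rule that works on both Apache 2.2 (Order/Deny from) and
# Apache 2.4 (Require all denied); on 2.4 the old directives need
# mod_access_compat, so a file with only the 2.2 form can silently fail.
write_uploads_htaccess() {
    dir="$1"
    cat > "$dir/.htaccess" <<'EOF'
<Files "*.php">
  <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Deny from all
  </IfModule>
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
</Files>
EOF
}

# List every PHP-looking script under the uploads tree. The post's rule only
# matches *.php; whether .phtml or .php5 also run depends on the server's
# handler configuration, so they are listed here for review too.
php_in_uploads() {
    find "$1" -type f \( -name '*.php' -o -name '*.phtml' -o -name '*.php[3-7]' \) | sort
}

# Quick yes/no count for use in a pre-flight check.
count_php_in_uploads() {
    php_in_uploads "$1" | wc -l | tr -d ' '
}

# Demo on a constructed, throwaway uploads tree (hypothetical paths).
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/2013/05"
printf '<?php echo 1;\n' > "$demo_dir/2013/05/resize.php"   # constructed sample
printf 'not an image\n'   > "$demo_dir/2013/05/photo.jpg"    # constructed sample
write_uploads_htaccess "$demo_dir"
echo "PHP scripts that the rule will block under $demo_dir:"
php_in_uploads "$demo_dir"
echo "count: $(count_php_in_uploads "$demo_dir")"
rm -rf "$demo_dir"
```

Run it against the real uploads path (for example `php_in_uploads /var/www/html/wp-content/uploads`) before enabling the rule; an empty list means nothing in the directory relies on PHP and the rule is safe, while a non-empty list is the set of files to investigate.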
There are a lot of security tweaks and suggestions out there on the internet. Be sure you know what you’re using.
To round off this post, here are some related links you may find helpful:
- HTML5 Boilerplate’s .htaccess file
- 5G Blacklist 2013 (WordPress users can use the BBQ: Block Bad Queries Plugin which is based on the 5G Blacklist)
- 10 Useful WordPress Security Tweaks
- 10+ .htaccess snippets to optimize your website
If you want to protect vulnerable WordPress folders using the .htaccess method described above, I highly suggest installing Sucuri Security – SiteCheck Malware Scanner. You can easily add or remove the .htaccess file from the WordPress Administration instead of having to access your server via FTP/SFTP/SSH.