Documentation

Rewrite – Root Files


Every WordPress instance includes specific files located in the root install directory. You may think this is not a big deal, as any site contains such files. The problem is that they use a format which makes your WordPress install easily traceable:

wp-blog-header.php
wp-links-opml.php
wp-load.php
wp-mail.php
license.txt
readme.html

and others.

This area provides a way to control the privacy of those files, making them invisible to anyone accessing them from outside. WordPress will continue to use them internally without any problem.

Block license.txt

This is a text file that contains the licensing terms for the WordPress framework. Obviously, you don't want it visible, as every site containing such a file must be a WordPress site.

Block readme.html

A Hypertext Markup Language file with general information about the installed WordPress: version, installation steps, updating, requirements, resources, etc.

Block wp-activate.php

Blocks access to the wp-activate.php file. Through this file, new users confirm that the activation key received by email after signing up for a new blog matches the key for that user. If anyone can register on your site, you should keep this option off and use the other plugin functionalities to rename the file to something else.

Block wp-cron.php

The file wp-cron.php is the portion of WordPress that handles scheduled internal events within a WordPress site. If remote cron calls are not used, it is safe to set this option to Yes. The code also resolves the internal server IP and exempts it from this option, so the cron service continues to work as before.

Block register-me.php

Through this file, anyone can register on your site. If the registration functionality is turned off, register-me.php should be blocked. Otherwise, it should be renamed through the other plugin features.

Block wp-register.php

This is a deprecated file, but it is still present in many WordPress installs. It should be blocked.

Block other wp-*.php files

Blocks other wp-*.php files, e.g. wp-blog-header.php and wp-config.php. Those files are used internally, so blocking them will not affect any functionality. Other root files (wp-activate.php, wp-login.php, register-me.php, etc.) are ignored; they can be controlled through their own settings.
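
One way to confirm from outside that the options above took effect, as an added example that is not part of the plugin or its documentation. The status-code mapping, the function names and the host wp.example are assumptions of this example; the file list comes from this page.

```python
import urllib.error
import urllib.request

# Root files named by the options on this page.
ROOT_FILES = [
    "license.txt", "readme.html", "wp-activate.php", "wp-cron.php",
    "register-me.php", "wp-register.php", "wp-blog-header.php",
    "wp-links-opml.php", "wp-load.php", "wp-mail.php", "wp-config.php",
]

class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx answers as-is instead of following them."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

def http_status(url, timeout=10):
    """Return the HTTP status for url, or None if the host did not answer."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code
    except OSError:  # URLError, timeouts, refused connections
        return None

def classify(status):
    """Map a status code to a verdict (the mapping is this example's assumption)."""
    if status is None:
        return "unreachable"
    if 200 <= status < 300:
        return "exposed"      # the file name still answers from outside
    if 300 <= status < 400:
        return "redirect"     # follow up by hand: where does it lead?
    if status in (403, 404, 410):
        return "blocked"
    return "review"           # 5xx and anything unexpected

def audit(base_url, fetch=http_status, files=ROOT_FILES):
    """Check each root file under base_url; fetch is injectable for offline runs."""
    base = base_url.rstrip("/")
    return {name: classify(fetch(f"{base}/{name}")) for name in files}

if __name__ == "__main__":
    # Constructed responses: a site where only the two text/HTML options are on.
    sample = {"https://wp.example/license.txt": 404,
              "https://wp.example/readme.html": 404}
    for name, verdict in audit("https://wp.example/", lambda u: sample.get(u, 200)).items():
        print(f"{verdict:12}{name}")
```

Run the audit from a host outside the server, since the internal server IP is exempted from the wp-cron.php block and would report that file as reachable.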
