They are a simple collection of htaccess rules collected from the best and even unknown blogs on WP. They work great on my servers and sites, although at first glance it may seem otherwise, they are more effective than any security plugin for WP, at least from my experience. I already know that in some cases some rules might conflict with badly configured serverr. They only work with apache and modrewite. I list them so that those in charge can analyze and test them. I hope it will be useful for the project given the extreme importance of security. It had been made a plugin then abandoned “WP Firewall”. Below are the latest updated rules and my advice is to make it a plugin and not in the core so that you can apply the desired rules at will and disable only some in case they give problems on some servers:
I found another custom code for the .htaccess file.
They are implementations that greatly improve the security and performance of any installation. Perhaps it would be worth considering whether to include the defoult functions in the security and performance screen. Or make it a simple security plugin. I’ve tried and the difference with and without the code is huge.
Because environments where CP is installed varies greatly, this wouldn’t be right to ship with core. Plus, the larger the htaccess files the slower the performance of the website. Htaccess is parsed for each request, so long htaccess files can slow down websites.
However, instead of declining this petition I will move it to the documenting category. This can be a good addition to tips/tutorials on hardening CP security. I would also recommend we use 7G firewall rules, which are widely used, tested, and come in htaccess and Nginx formats.