Title: .htaccess for /wp-content/plugins
Last modified: August 30, 2016

---

# .htaccess for /wp-content/plugins

 *  Resolved [yohgaki](https://wordpress.org/support/users/yohgaki/)
 * (@yohgaki)
 * [10 years, 9 months ago](https://wordpress.org/support/topic/htaccess-for-wp-contentplugins/)
 * Hi developer,
 * I found BPS does not have an .htaccess for the /wp-content/plugins directory. The
   plugin directory contains useful information for attackers, e.g. readme.txt contains
   version information.
 * Even if access to readme.txt/etc. is prohibited, an attacker could do fingerprinting
   against css/js/etc. to determine the plugin version, but limiting access to *.txt
   would be useful against simple attacks/information gathering.
 * Please consider adding access control to /wp-content/plugins directory.
 * Thank you.
 * [https://wordpress.org/plugins/bulletproof-security/](https://wordpress.org/plugins/bulletproof-security/)

Viewing 3 replies - 1 through 3 (of 3 total)

 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [10 years, 9 months ago](https://wordpress.org/support/topic/htaccess-for-wp-contentplugins/#post-6481697)
 * BPS Pro does have that. The BPS Pro Plugin Firewall, which is an IP address firewall
   for the /plugins/ folder does not allow anyone except for you/your IP address
   to view/access any plugin files in the /plugins/ folder: [http://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/](http://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/)
 * Unfortunately, BPS free does not come with the BPS Pro Plugin Firewall, but you
   can deny access to txt files by creating your own custom htaccess file in the
   /plugins/ folder.
 * Example:
    For host servers that have the mod_authz_core module loaded and that
   support IfModule conditions (HostGator does not support IfModule conditions for
   IfModule mod_authz_core.c and IfModule mod_access_compat.c).
 *     ```
       # Match any file name ending in .txt (FilesMatch tests the base name)
       <FilesMatch "\.txt$">
       <IfModule mod_authz_core.c>
       Require all denied
       </IfModule>
   
       <IfModule !mod_authz_core.c>
       <IfModule mod_access_compat.c>
       Order Allow,Deny
       Deny from all
       </IfModule>
       </IfModule>
       </FilesMatch>
       ```
   
 * For host servers that do NOT have the mod_authz_core module loaded and that do
   NOT support IfModule conditions (HostGator does not support IfModule conditions
   for IfModule mod_authz_core.c and IfModule mod_access_compat.c).
 *     ```
       # Match any file name ending in .txt (FilesMatch tests the base name)
       <FilesMatch "\.txt$">
       Order Allow,Deny
       Deny from all
       </FilesMatch>
       ```
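
An offline check of which plugin files a denying `<FilesMatch>` block actually covers, added here as an example; it is not code from the post or from BPS. The function name, file names and both sample rule sets are constructed. It shows why a pattern anchored as `^\.(txt)$` protects only a file literally named `.txt`, while `\.txt$` covers readme.txt.

```python
import re

# One <FilesMatch "regex"> ... </FilesMatch> block; group 1 = regex, group 2 = body.
BLOCK = re.compile(r'<FilesMatch\s+"([^"]+)"\s*>(.*?)</FilesMatch>', re.S | re.I)
# Deny directives for Apache 2.4 (mod_authz_core) and 2.2 style (mod_access_compat).
DENY = re.compile(r'^\s*(Require\s+all\s+denied|Deny\s+from\s+all)\s*$', re.I | re.M)

def denied_files(htaccess_text, paths):
    """Return the paths covered by a denying <FilesMatch> block.

    Assumptions: IfModule wrappers are treated as satisfied, and Python's re
    stands in for Apache's PCRE, which agrees for simple patterns like these.
    """
    denied = set()
    for pattern, body in BLOCK.findall(htaccess_text):
        if not DENY.search(body):
            continue  # block sets no deny rule, so it protects nothing
        rx = re.compile(pattern)
        # FilesMatch applies the regex, unanchored, to the file's base name.
        denied.update(p for p in paths if rx.search(p.rsplit("/", 1)[-1]))
    return denied

# Constructed sample data: paths relative to /wp-content/plugins/.
PLUGIN_FILES = [
    "example-plugin/readme.txt",
    "example-plugin/changelog.txt",
    "example-plugin/.txt",
    "example-plugin/css/style.css",
    "example-plugin/notes.txt.bak",
]

ANCHORED = r'''<FilesMatch "^\.(txt)$">
Require all denied
</FilesMatch>
'''

SUFFIX = r'''<FilesMatch "\.txt$">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
</FilesMatch>
'''

if __name__ == "__main__":
    for name, rules in (("anchored", ANCHORED), ("suffix", SUFFIX)):
        print(name, sorted(denied_files(rules, PLUGIN_FILES)))
```

A request for each protected file should return 403 on the live server once the rule is in place; this script only checks the pattern logic.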
   
 *  Thread Starter [yohgaki](https://wordpress.org/support/users/yohgaki/)
 * (@yohgaki)
 * [10 years, 9 months ago](https://wordpress.org/support/topic/htaccess-for-wp-contentplugins/#post-6481741)
 * Thanks. I’ll consider Pro version 🙂
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [10 years, 9 months ago](https://wordpress.org/support/topic/htaccess-for-wp-contentplugins/#post-6481780)
 * Assuming all questions have been answered – thread has been resolved. If you 
   have additional questions about this specific thread topic then you can post 
   them at any time. We still receive email notifications when threads have been
   resolved.
 * Thread Start Date: 8-26-2015 to 8-27-2015
    Thread Resolved/Current Date: 8-29-2015
