.htaccess-wp-moj_sajd

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^robots.txt$ - [L]
RewriteRule ^sitemap.xml$ - [L]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# Ограничение к админ-панеле WordPress.
<Files wp-login.php>
order deny,allow
deny from all
Allow from 79.126.114.132
</Files>

# Запрещаем доступ к Xml-RPC в WP
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

# защитить файлы плагина css и js.
<Files ~ "\.(js|css)$">
order allow,deny
allow from all
</Files>

# Защита htaccess.
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>

# защита wp-config.php
<files wp-config.php>
order allow,deny
deny from all
</files>

# Доступ всех файлов
# deny from all

# защита комментария от Спам-бота
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*http://too56.ru/.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^https://%{REMOTE_ADDR}/$ [R=301,L]
# END WordPress

wp-includes/.htaccess

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^robots.txt$ - [L]
RewriteRule ^sitemap.xml$ - [L]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# Запретить доступ к папке wp-content и wp-includes
<FilesMatch "^.*(error_log|wp-config\.php|php.ini|\.[hH][tT][aApP].*)$">
Order deny,allow
Deny from all
</FilesMatch>