Sorry about posting a link to [ad removed] in response to your suggestion I contact WP support for “help”. Sorry for spamming your thread bro.

~Out

I’m still not seeing what this actually does. So you are saying that these rules should only be put in place BEFORE you actually install wordpress?

The added lines state that if the request is for a file in the wordpress directory (which can/must be changed if the directory does not match your installation), and the referer is not the site (which can/must also be changed to match your installation), then the request is redirected to the root of the site (which can/must also be changed to match your preference and installation).

The remaining ruleset is the WordPress default, which is the same in any WordPress installation which manages .htaccess. Reading the ruleset, you can see that it lets each request through for handling by index.php, unless the request is for an actual directory or file. I suggest you read the WordPress documentation on permalinks and read the parts of WordPress that handle permalinks (i.e. index.php and referred functions) for a detailed explanation.

If you have issues with the default ruleset, I suggest you contact the WordPress development team.

Ya interesting discussion. I would like for you to explain where I was incorrect in my assessment of the negative SEO aspect. Let me simplify my objections so you can better explain.

Basically, Googlebot finds a link to Hiding wordpress installation files in the comments section of the AskApache Password Protect plugin page, so then Googlebot, which has to act in accordance with the RFC HTTP client specifications just like any user-agent/browser, makes a GET request for this page with the referral header being set as the askapache.com plugin page.

If I understand, this code would then issue a 301 Permanent redirect to Googlebot instructing it to go to your blogs home page instead. When Googlebot or other search engine robots receive a 301 permanent redirect they usually take the redirecting URL OUT of their search index.

But once googlebot was on your homepage, any links to your site that it followed from there WOULD be allowed because googlebot would then set the referall header to your site.

When Googlebot receives a 301 redirect like this, it actually transfers some of the page-rank associated with the page issusing the redirect, to the page it is being redirected to. So this could actually boost the page-rank of your home-page, its a tricky thing.

p>

AskApache: Again, your claim that the “hiding” technique has negative effects on SEO are false. The article simply extends the WordPress rewrite rules.

Other than that, your reasoning about the article is mostly correct.

Your reasoning about the security challenges with your own plugin, however, are faulty. If someone wants to bypass HTTP Basic authentication over an insecure transport, they will be able to do so. Without a secure transport, the authentication cannot be trusted.