I’ve been working on WordPress security lately. I have been trying to combine the bullet-proof and wp-sentinel plugins. I feel wp-sentinel is far superior to wp-bullet proof because it actually bans intruders instead of rewriting their URL to a safe URL. Then a lot of the canned rules wp-sentinel already takes care of. So in addition to having -Indexes in the htaccess, why not also block people who are intentionally trying to peek into the directories?
So I threw together these rules to use with wp-sentinel and also borrowed some from bullet-proof:
# DO NOT SHOW DIRECTORY LISTING
# If you are getting 500 Errors when activating BPS then comment out Options -Indexes
# by adding a # sign in front of it. If there is a typo anywhere in this file you will also see 500 errors.
Options -Indexes
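# Rewrite anyone who is trying to snoop into the directories to be logged by wp-sentinel
# RewriteEngine must be on before any rewrite rule is evaluated.
RewriteEngine On
RewriteBase /
# A RewriteCond applies only to the RewriteRule that follows it, so it is repeated for each rule.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^/.]+)/?$ /?s=../../dirblock1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^/.]+)/([^/.]+)/?$ /?s=../../dirblock2 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^/.]+)/([^/.]+)/([^/.]+)/?$ /?s=../../dirblock3 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^/.]+)/([^/.]+)/([^/.]+)/([^/.]+)/?$ /?s=../../dirblock4 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^/.]+)/([^/.]+)/([^/.]+)/([^/.]+)/([^/.]+)/?$ /?s=../../dirblock5 [R=301,L]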
# BLOCK HOTLINKING TO IMAGES
# To Test that your Hotlinking protection is working visit http://altlab.com/htaccess_tutorial.html
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?raskitchen\.com [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpeg|jpg|gif|bmp|png)$ - [F]
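
Before deploying rules that feed a banning plugin, it helps to see exactly which request paths they catch. The following is an added example, not part of the original post or of either plugin: a small Python model of the patterns above, assuming the `!-f` condition guards every trap rule, that Python's `re` matches these patterns the same way Apache does, and using a constructed set of file names and sample requests in place of a real filesystem.

```python
import re

# The five directory-trap patterns from the rules above, in order.
# In .htaccess (per-directory) context Apache strips the leading "/" before matching.
SEG = r"([^/.]+)"
TRAP_RULES = [
    (re.compile("^" + "/".join([SEG] * n) + "/?$"), f"/?s=../../dirblock{n}")
    for n in range(1, 6)
]
HOTLINK_EXT = re.compile(r".*\.(jpeg|jpg|gif|bmp|png)$")
OWN_SITE = re.compile(r"^https?://(www\.)?raskitchen\.com", re.IGNORECASE)

# Constructed stand-in for the filesystem check done by "!-f".
EXISTING_FILES = {"LICENSE"}


def evaluate(path, referer=""):
    """Return ("redirect", target), ("forbidden", None) or ("pass", None)."""
    rel = path.lstrip("/")
    if rel not in EXISTING_FILES:            # RewriteCond %{REQUEST_FILENAME} !-f
        for pattern, target in TRAP_RULES:
            if pattern.match(rel):
                return ("redirect", target)
    # Hotlink block: referer is set, is not the site itself, and an image is requested.
    if referer and not OWN_SITE.match(referer) and HOTLINK_EXT.match(rel):
        return ("forbidden", None)
    return ("pass", None)


# Constructed sample requests: (path, referer)
SAMPLES = [
    ("/wp-content/uploads/", ""),
    ("/wp-admin/", ""),
    ("/about", ""),
    ("/LICENSE", ""),
    ("/index.php", ""),
    ("/wp-content/uploads/a.png", "http://example.org/page"),
    ("/wp-content/uploads/a.png", "https://www.raskitchen.com/post"),
    ("/wp-content/uploads/a.png", ""),
]

if __name__ == "__main__":
    for path, ref in SAMPLES:
        print(f"{path:32} referer={ref or '-':34} -> {evaluate(path, ref)}")
```

The output shows that any dot-free path of one to five segments that is not an existing file is sent to the trap, which includes `/wp-admin/` and extensionless permalinks such as `/about`, so check these against your own URL structure before enabling the ban.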