From e38e912b2f2c25d0f76deb462695aaf58f8f397d Mon Sep 17 00:00:00 2001
From: Grant Slater <git@firefishy.com>
Date: Wed, 1 Apr 2015 00:00:39 +0100
Subject: [PATCH] wordpress: Restrict access to a few version discovery vectors

---
 cookbooks/wordpress/templates/default/apache.erb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/cookbooks/wordpress/templates/default/apache.erb b/cookbooks/wordpress/templates/default/apache.erb
index 95ea84ff7..200c50089 100644
--- a/cookbooks/wordpress/templates/default/apache.erb
+++ b/cookbooks/wordpress/templates/default/apache.erb
@@ -57,6 +57,7 @@
     RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
     RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
     RewriteRule ^wp-includes/theme-compat/ - [F,L]
+    RewriteRule ^readme\.html$ [F,L]
     RewriteCond %{REQUEST_FILENAME} !-f
     RewriteCond %{REQUEST_FILENAME} !-d
     RewriteRule . /index.php [L]
@@ -85,6 +86,10 @@
     Require all denied
   </Directory>
 
+  <Files ~ "\.(txt|md)$">
+    Require all denied
+  </Files>
+
   <Files ~ "~$">
     Require all denied
   </Files>
-- 
2.43.2