diff --git a/lib/h5bp-htaccess b/lib/h5bp-htaccess
index 343e0f4..1a2a61b 100644
--- a/lib/h5bp-htaccess
+++ b/lib/h5bp-htaccess
@@ -356,6 +356,13 @@ AddCharset utf-8 .atom .css .js .json .rss .vtt .xml
   Satisfy All
 </FilesMatch>
 
+# Block access to WordPress files that reveal version information.
+<FilesMatch "^(wp-config\.php|readme\.html|license\.txt)">
+  Order allow,deny
+  Deny from all
+  Satisfy All
+</FilesMatch>
+
 # If your server is not already configured as such, the following directive
 # should be uncommented in order to set PHP's register_globals option to OFF.
 # This closes a major security hole that is abused by most XSS (cross-site