From aa0311741d1914e7a656a216d3dd48d8a3acdc5e Mon Sep 17 00:00:00 2001
From: Ben Word <ben@benword.com>
Date: Tue, 30 Apr 2013 21:07:30 -0500
Subject: [PATCH] Accidentally removed with
 be2e203cc5b543f71c3ccc1bc950ac1bc0edfa97

---
 lib/h5bp-htaccess | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/lib/h5bp-htaccess b/lib/h5bp-htaccess
index 343e0f4..1a2a61b 100644
--- a/lib/h5bp-htaccess
+++ b/lib/h5bp-htaccess
@@ -356,6 +356,13 @@ AddCharset utf-8 .atom .css .js .json .rss .vtt .xml
   Satisfy All
 </FilesMatch>
 
+# Block access to WordPress files that reveal version information.
+<FilesMatch "^(wp-config\.php|readme\.html|license\.txt)">
+  Order allow,deny
+  Deny from all
+  Satisfy All
+</FilesMatch>
+
 # If your server is not already configured as such, the following directive
 # should be uncommented in order to set PHP's register_globals option to OFF.
 # This closes a major security hole that is abused by most XSS (cross-site