For extra security we recommend blocking access to the WordPress readme.html file and other default WordPress files which publicly display your current WordPress version number.

Rather than deleting these files, it’s better to add the following directive to your .htaccess file to block public access to these files.


# Block access to WordPress files that reveal version information.
<filesmatch "^(wp-config\.php|readme\.html|license\.txt)">

    # Apache < 2.3
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
        Satisfy All
    </ifmodule>

    # Apache ≥ 2.3
    <ifmodule mod_authz_core.c>
        Require all denied
    </ifmodule>
</filesmatch>

Source HTML5 Boilerplate’s .htaccess for WordPress.