WordPress - Protect with .htaccess

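# #######################################################################################
# #                                                                                     #
# #   HARDENING WORDPRESS VIA HTACCESS BY INFINITE.SX                                   #
# #                                                                                     #
# #   Special thanks to iThemes Security, Boilerplate, WP Codex, Feross, Perishable Press#
# #                                                                                     #
# #######################################################################################
#
# Placement: this file belongs in the WordPress root directory (the one that holds
# wp-config.php). The <Files wp-config.php> section and the ^wp-includes/ rewrite
# patterns below are matched relative to the directory this .htaccess lives in.
#
# Server prerequisites: the host's AllowOverride must permit FileInfo (mod_rewrite,
# mod_headers, RedirectMatch), Limit (Order/Allow/Deny), AuthConfig (Require) and
# Options (Options -Indexes); otherwise Apache answers 500 for every request.
# Every 2.2-style access-control directive is paired with its 2.4 (mod_authz_core)
# equivalent so the file loads on either generation without mod_access_compat.

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Block HTTP request methods that are unused by browsers
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Anything other than GET/POST/HEAD is answered 403. Note this also rejects
    # OPTIONS pre-flight requests, so CORS clients of the REST API will fail.
    RewriteCond %{REQUEST_METHOD} !^(GET|POST|HEAD) [NC]
    RewriteRule ^(.*)$ - [F]

    # Query-string blacklist. Patterns are tested against the RAW (undecoded)
    # query string, and the broad words in the last two ORed lines (encode,
    # request, insert, ...) will also 403 ordinary searches (?s=...) from
    # logged-out visitors; trim the word lists to what your site can tolerate.
    RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*\.(bash|git|hg|log|svn|swp|cvs) [NC,OR]
    RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
    RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    RewriteCond %{QUERY_STRING} http\: [NC,OR]
    RewriteCond %{QUERY_STRING} https\: [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(127\.0).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(request|concat|insert|union|declare).* [NC]
    # Exemptions. The cookie and Referer checks rely on client-supplied headers
    # that Apache never verifies, so treat this whole filter as noise reduction
    # (defence in depth), not as an authorisation boundary.
    RewriteCond %{QUERY_STRING} !^loggedout=true
    RewriteCond %{QUERY_STRING} !^action=jetpack-sso
    RewriteCond %{QUERY_STRING} !^action=rp
    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
    RewriteCond %{HTTP_REFERER} !^http://maps\.googleapis\.com(.*)$
    RewriteRule ^(.*)$ - [F]
</IfModule>

# URL-path blacklist (RedirectMatch sees the path only, not the query string).
# These are substring matches anywhere in the path, so a post slug containing
# e.g. "localhost", "base64" or "..." will be served a 403 as well.
<IfModule mod_alias.c>
    RedirectMatch 403 (https?|ftp|php)\://
    RedirectMatch 403 /(https?|ima|ucp)/
    RedirectMatch 403 /(Permanent|Better)$
    RedirectMatch 403 (\=\\\'|\=\\%27|/\\\'/?|\)\.css\()$
    RedirectMatch 403 (\,|\)\+|/\,/|\{0\}|\(/\(|\.\.\.|\+\+\+|\||\\\"\\\")
    RedirectMatch 403 \.(cgi|asp|aspx|cfg|dll|exe|jsp|mdb|sql|ini|rar)$
    RedirectMatch 403 /(contac|fpw|install|pingserver|register)\.php$
    RedirectMatch 403 (base64|crossdomain|localhost|wwwroot|e107\_)
    RedirectMatch 403 (eval\(|\_vti\_|\(null\)|echo.*kae|config\.xml)
    RedirectMatch 403 \.well\-known/host\-meta
    RedirectMatch 403 /function\.array\-rand
    RedirectMatch 403 \)\;\$\(this\)\.html\(
    RedirectMatch 403 proc/self/environ
    RedirectMatch 403 msnbot\.htm\)\.\_
    RedirectMatch 403 /ref\.outcontrol
    RedirectMatch 403 com\_cropimage
    RedirectMatch 403 indonesia\.htm
    RedirectMatch 403 \{\$itemURL\}
    RedirectMatch 403 function\(\)
    RedirectMatch 403 labels\.rdf
    RedirectMatch 403 /playing.php
    RedirectMatch 403 muieblackcat
</IfModule>

# Static IP deny list. Order/Allow/Deny are not mod_setenvif directives (the
# original guard), so on Apache 2.4 without mod_access_compat they caused a 500.
# They are now guarded by the presence of mod_authz_core and mirrored with
# Require for 2.4. A static list like this goes stale quickly; review it.
# Apache < 2.3
<IfModule !mod_authz_core.c>
    Order Allow,Deny
    Allow from all
    Deny from 123.151.39.
    Deny from 77.172.210.
    Deny from 174.94.131.
    Deny from 89.238.137.59
    Deny from 212.90.148.101
    Deny from 91.207.61.129
    Deny from 202.46.52.120
    Deny from 128.73.60.194
    Deny from 68.108.17.141
    Deny from 27.54.93.178
    Deny from 194.9.94.213
    Deny from 122.166.169.127
    Deny from 96.9.163.49
    Deny from 54.229.73.40
    Deny from 203.109.158.201
    Deny from 46.105.113.8
    Deny from 183.60.244.
    Deny from 54.232.102.193
    Deny from 195.157.124.186
    Deny from 118.39.113.219
    Deny from 27.255.56.87
    Deny from 69.161.138.1
    Deny from 192.96.204.42
    Deny from 178.63.52.200
    Deny from 27.252.92.103
    Deny from 37.59.65.58
    Deny from 186.202.126.94
    Deny from 186.213.72.146
    Deny from 186.219.44.6
</IfModule>
# Apache ≥ 2.3 (partial addresses use the "Require ip 1.2.3" prefix form)
<IfModule mod_authz_core.c>
    <RequireAll>
        Require all granted
        Require not ip 123.151.39
        Require not ip 77.172.210
        Require not ip 174.94.131
        Require not ip 89.238.137.59
        Require not ip 212.90.148.101
        Require not ip 91.207.61.129
        Require not ip 202.46.52.120
        Require not ip 128.73.60.194
        Require not ip 68.108.17.141
        Require not ip 27.54.93.178
        Require not ip 194.9.94.213
        Require not ip 122.166.169.127
        Require not ip 96.9.163.49
        Require not ip 54.229.73.40
        Require not ip 203.109.158.201
        Require not ip 46.105.113.8
        Require not ip 183.60.244
        Require not ip 54.232.102.193
        Require not ip 195.157.124.186
        Require not ip 118.39.113.219
        Require not ip 27.255.56.87
        Require not ip 69.161.138.1
        Require not ip 192.96.204.42
        Require not ip 178.63.52.200
        Require not ip 27.252.92.103
        Require not ip 37.59.65.58
        Require not ip 186.202.126.94
        Require not ip 186.213.72.146
        Require not ip 186.219.44.6
    </RequireAll>
</IfModule>

# Host-header and User-Agent blacklist. Both values are chosen by the client,
# so this only deters tools that do not bother to change their defaults.
<IfModule mod_rewrite.c>
    RewriteCond %{HTTP_HOST} (.*)\.crimea\.com [NC,OR]
    RewriteCond %{HTTP_HOST} s368\.loopia\.se [NC,OR]
    RewriteCond %{HTTP_HOST} kanagawa\.ocn [NC,OR]
    RewriteCond %{HTTP_HOST} g00g1e [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (ia_archiver|g00g1e|seekerspider|siclab|spam|sqlmap) [NC]
    RewriteRule .* - [F,L]
</IfModule>

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Protect WordPress sensitive/legitimate files
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
<Files wp-config.php>
    # Apache < 2.3
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
    # Apache ≥ 2.3
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
</Files>

<IfModule mod_rewrite.c>
    RewriteEngine On
    # Adjust RewriteBase if WordPress is installed in a sub-directory, e.g. /blog/
    RewriteBase /
    RewriteRule ^wp-admin/includes/ - [F,L]
    # Skip the next three rules for anything outside wp-includes/
    RewriteRule !^wp-includes/ - [S=3]
    # Blocks direct execution of top-level wp-includes/*.php; on a multisite
    # install this presumably also catches wp-includes/ms-files.php — verify.
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

# Backup, config, editor-swap and dump files that must never be served.
<FilesMatch "(^#.*#|\.(bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$">
    # Apache < 2.3
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
        Satisfy All
    </IfModule>
    # Apache ≥ 2.3
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
</FilesMatch>

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Remove server information
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
<IfModule mod_headers.c>
    # Strips the header from responses; the definitive fix for PHP's own
    # X-Powered-By is expose_php=Off in php.ini.
    Header unset X-Powered-By
    Header set X-Content-Type-Options "nosniff"
    # ETag removal (paired with FileETag None below) avoids leaking inode data.
    Header unset ETag
</IfModule>
# Options is a core directive; the mod_autoindex guard is only descriptive.
<IfModule mod_autoindex.c>
    Options -Indexes
</IfModule>
ServerSignature Off
FileETag None

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Block bad scans
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Matches "revslider" anywhere in the URI or query string. If the Slider
# Revolution plugin is installed under wp-content/plugins/revslider/, this
# rule will presumably block its own assets — remove it in that case.
<IfModule mod_rewrite.c>
    RewriteCond %{QUERY_STRING} revslider [NC,OR]
    RewriteCond %{REQUEST_URI} revslider [NC]
    RewriteRule .* - [F,L]
</IfModule>
<IfModule mod_rewrite.c>
    RewriteCond %{QUERY_STRING} http\:\/\/www\.google\.com\/humans\.txt\? [NC]
    RewriteRule .* - [F,L]
</IfModule>

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Allow cross-origin web fonts
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
<IfModule mod_headers.c>
    <FilesMatch "\.(eot|otf|tt[cf]|woff2?)$">
        Header set Access-Control-Allow-Origin "*"
    </FilesMatch>
</IfModule>

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Internet Explorer Optimizations
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
<IfModule mod_headers.c>
    # Set for HTML responses, then unset again for every non-HTML asset type.
    Header set X-UA-Compatible "IE=edge"
    <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
        Header unset X-UA-Compatible
    </FilesMatch>
</IfModule>

# Legacy P3P compact policy header (only consumed by old Internet Explorer).
<IfModule mod_headers.c>
    Header set P3P "policyref=\"/w3c/p3p.xml\", CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""
</IfModule>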
Protegendo o WordPress via .htaccess

1 Response


It installs in the theme folder or to the root of the site?

