Instantly share code, notes, and snippets.

@Nodws /.htaccess
Last active Nov 29, 2018

Embed
What would you like to do?
Htaccess snips
<FilesMatch "^(wp-config|wp-settings|wp-trackback|wp-comments-post|xmlrpc)\.php$">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
ErrorDocument 410 "Frankly, my dear, I don't give a damn.
#410 Gone with the wind.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(GET|HEAD|POST|PUT)$
RewriteCond %{HTTP_REFERER} !^http://(.*)?yourserver\.com [NC]
RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin(.*)$
RewriteRule ^(.*)$ - [R=410,L]
</IfModule>
//////////////
ONLY allow access from yourserver.com, saving CPU, and server processing.
Create a Secret directory and INDEX file and have it redirect to /wp-admin
<script>
top.location='/wp-admin/'
</script>
SetEnvIf Request_URI "^/\.well-known/" acme
Allow from env=acme
Satisfy any
AuthType Basic
AuthName "index"
AuthUserFile /home/PATH/.htpasswd
Require valid-user
ErrorDocument 401 "No auth
Options -MultiViews
<IfModule mod_rewrite.c>
RewriteEngine On
#with www
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#OR
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#OR
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
#OR
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
@Nodws

This comment has been minimized.

Owner

Nodws commented Mar 15, 2015

pingback and comment spam

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment