Skip to content

Instantly share code, notes, and snippets.



Last active Sep 15, 2020
What would you like to do?
Htaccess snips
#<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
<ifModule mod_headers.c>
Header always set Content-Security-Policy "upgrade-insecure-requests;"
Header set Access-Control-Allow-Origin "*"
<FilesMatch "^(wp-config|wp-settings|wp-trackback|wp-comments-post|xmlrpc)\.php$">
Order allow,deny
Deny from all
Satisfy All
ErrorDocument 410 "Frankly, my dear, I don't give a damn.
#410 Gone with the wind.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(.*)?yourserver\.com [NC]
RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin(.*)$
RewriteRule ^(.*)$ - [R=410,L]
ONLY allow access from, saving CPU, and server processing.
Create a Secret directory and INDEX file and have it redirect to /wp-admin
SetEnvIf Request_URI "^/\.well-known/" acme
Allow from env=acme
Satisfy any
AuthType Basic
AuthName "index"
AuthUserFile /home/PATH/.htpasswd
Require valid-user
ErrorDocument 401 "No auth
Options -MultiViews
<IfModule mod_rewrite.c>
RewriteEngine On
#with www
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#without www
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule .* https://%1/$1 [R=301,L]
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$$1 [R=301,L]
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.