All In One WP Security
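# BEGIN All In One WP Security
# Apache .htaccess rules written by the All In One WP Security plugin for a WordPress
# site. The access-control lines use the Apache 2.2 "Order / Allow / Deny" syntax, so
# on Apache 2.4 they require mod_access_compat to be loaded.
# Each #AIOWPS_*_START / _END pair is one plugin feature; the plugin presumably
# regenerates the text between its markers, so hand edits inside them may not survive.
# Transcription fix: several regexes had their ".*" wildcards stripped (rendered as
# "(.)" or "."); they are restored below so the rules match what they were written for.
#AIOWPS_BLOCK_WP_FILE_ACCESS_START
# Hide files that disclose the WordPress version / installation details.
<Files license.txt>
order allow,deny
deny from all
</Files>
<Files wp-config-sample.php>
order allow,deny
deny from all
</Files>
<Files readme.html>
order allow,deny
deny from all
</Files>
#AIOWPS_BLOCK_WP_FILE_ACCESS_END
#AIOWPS_BASIC_HTACCESS_RULES_START
<Files .htaccess>
order allow,deny
deny from all
</Files>
# Suppress the server version/OS line in server-generated pages.
ServerSignature Off
# Request bodies larger than 10240000 bytes (~10 MB) are rejected; this also caps
# uploads handled under this directory.
LimitRequestBody 10240000
# Never serve the live configuration (DB credentials, salts) as a static file.
<Files wp-config.php>
order allow,deny
deny from all
</Files>
#AIOWPS_BASIC_HTACCESS_RULES_END
#AIOWPS_PINGBACK_HTACCESS_RULES_START
# "order deny,allow" with a "deny from all" and no Allow line still denies everyone.
# This disables pingbacks but also every XML-RPC based client.
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
#AIOWPS_PINGBACK_HTACCESS_RULES_END
#AIOWPS_DEBUG_LOG_BLOCK_HTACCESS_RULES_START
# WP_DEBUG_LOG output can contain paths and stack traces; keep it off the web.
<Files debug.log>
order deny,allow
deny from all
</Files>
#AIOWPS_DEBUG_LOG_BLOCK_HTACCESS_RULES_END
#AIOWPS_DISABLE_INDEX_VIEWS_START
# No auto-generated directory listings for folders without an index file.
Options -Indexes
#AIOWPS_DISABLE_INDEX_VIEWS_END
#AIOWPS_DISABLE_TRACE_TRACK_START
# RewriteEngine is per-directory; this one line enables it for every rewrite
# rule in the rest of this file.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
#AIOWPS_DISABLE_TRACE_TRACK_END
#AIOWPS_FORBID_PROXY_COMMENTS_START
# Forbid comment POSTs that carry any proxy-identifying header. The conds are
# [OR]-chained, so a single non-empty header is enough to reject the request.
RewriteCond %{REQUEST_METHOD} ^POST
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_HOST} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
RewriteRule wp-comments-post\.php - [F]
#AIOWPS_FORBID_PROXY_COMMENTS_END
#AIOWPS_DENY_BAD_QUERY_STRINGS_START
# Substring matches on the query string. Note that "http:" / "https:" also hit
# legitimate parameters that carry a URL (e.g. a redirect target), so expect
# some false positives from this section.
RewriteCond %{QUERY_STRING} ftp: [NC,OR]
RewriteCond %{QUERY_STRING} http: [NC,OR]
RewriteCond %{QUERY_STRING} https: [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
# ".*" on both sides restores the "anywhere in the string" match; the page showed
# "^.(...)." which would only allow exactly one character before and after.
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} (\;|'|\"|%22).*(request|insert|union|declare|drop) [NC]
RewriteRule ^(.*)$ - [F,L]
#AIOWPS_DENY_BAD_QUERY_STRINGS_END
#AIOWPS_ADVANCED_CHAR_STRING_FILTER_START
# RedirectMatch tests the request URI (path), not the query string. Each line is
# an independent 403; the single-character rules below (",", ":", "=", "[" ...)
# are aggressive and will also block legitimate paths that contain them.
<IfModule mod_alias.c>
RedirectMatch 403 \,
RedirectMatch 403 \:
RedirectMatch 403 \;
RedirectMatch 403 \=
RedirectMatch 403 \[
RedirectMatch 403 \]
RedirectMatch 403 \^
RedirectMatch 403 \`
RedirectMatch 403 \{
RedirectMatch 403 \}
RedirectMatch 403 \~
RedirectMatch 403 \"
RedirectMatch 403 \$
RedirectMatch 403 \<
RedirectMatch 403 \>
RedirectMatch 403 \|
RedirectMatch 403 \.\.
RedirectMatch 403 \%0
RedirectMatch 403 \%A
RedirectMatch 403 \%B
RedirectMatch 403 \%C
RedirectMatch 403 \%D
RedirectMatch 403 \%E
RedirectMatch 403 \%F
RedirectMatch 403 \%22
RedirectMatch 403 \%27
RedirectMatch 403 \%28
RedirectMatch 403 \%29
RedirectMatch 403 \%3C
RedirectMatch 403 \%3E
RedirectMatch 403 \%3F
RedirectMatch 403 \%5B
RedirectMatch 403 \%5C
RedirectMatch 403 \%5D
RedirectMatch 403 \%7B
RedirectMatch 403 \%7C
RedirectMatch 403 \%7D
# COMMON PATTERNS
Redirectmatch 403 \_vpi
RedirectMatch 403 \.inc
Redirectmatch 403 xAou6
Redirectmatch 403 db\_name
Redirectmatch 403 select\(
Redirectmatch 403 convert\(
Redirectmatch 403 \/query\/
RedirectMatch 403 ImpEvData
Redirectmatch 403 \.XMLHTTP
Redirectmatch 403 proxydeny
RedirectMatch 403 function\.
Redirectmatch 403 remoteFile
Redirectmatch 403 servername
Redirectmatch 403 \&rptmode\=
Redirectmatch 403 sys\_cpanel
RedirectMatch 403 db\_connect
RedirectMatch 403 doeditconfig
RedirectMatch 403 check\_proxy
Redirectmatch 403 system\_user
Redirectmatch 403 \/\(null\)\/
Redirectmatch 403 clientrequest
Redirectmatch 403 option\_value
RedirectMatch 403 ref\.outcontrol
# SPECIFIC EXPLOITS
# These are unanchored substring matches: "config\." also matches any path
# containing "config." (e.g. a theme's config.json), not only the named scripts.
RedirectMatch 403 errors\.
RedirectMatch 403 config\.
RedirectMatch 403 include\.
RedirectMatch 403 display\.
RedirectMatch 403 register\.
Redirectmatch 403 password\.
RedirectMatch 403 maincore\.
RedirectMatch 403 authorize\.
Redirectmatch 403 macromates\.
RedirectMatch 403 head\_auth\.
RedirectMatch 403 submit\_links\.
RedirectMatch 403 change\_action\.
Redirectmatch 403 com\_facileforms\/
RedirectMatch 403 admin\_db\_utilities\.
RedirectMatch 403 admin\.webring\.docs\.
Redirectmatch 403 Table\/Latest\/index\.
</IfModule>
#AIOWPS_ADVANCED_CHAR_STRING_FILTER_END
#AIOWPS_SIX_G_BLACKLIST_START
# 6G BLACKLIST/FIREWALL (2016)
# @ https://perishablepress.com/6g/
# 6G:[QUERY STRINGS]
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{QUERY_STRING} (eval\() [NC,OR]
RewriteCond %{QUERY_STRING} (127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} ([a-z0-9]{2000}) [NC,OR]
RewriteCond %{QUERY_STRING} (javascript:)(.*)(;) [NC,OR]
RewriteCond %{QUERY_STRING} (base64_encode)(.*)(\() [NC,OR]
RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC,OR]
# "(.*)" restored on both sides of "script" (transcription had "(.)").
RewriteCond %{QUERY_STRING} (<|%3C)(.*)script(.*)(>|%3) [NC,OR]
RewriteCond %{QUERY_STRING} (\|\.\.\.|\.\./|~|`|<|>|\|) [NC,OR]
RewriteCond %{QUERY_STRING} (boot\.ini|etc/passwd|self/environ) [NC,OR]
RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumb)?)\.php [NC,OR]
RewriteCond %{QUERY_STRING} ('|\")(.*)(drop|insert|md5|select|union) [NC]
RewriteRule .* - [F]
</IfModule>
# 6G:[REQUEST METHOD]
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_METHOD} ^(connect|debug|delete|move|put|trace|track) [NC]
RewriteRule .* - [F]
</IfModule>
# 6G:[REFERRERS]
<IfModule mod_rewrite.c>
RewriteCond %{HTTP_REFERER} ([a-z0-9]{2000}) [NC,OR]
RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC]
RewriteRule .* - [F]
</IfModule>
# 6G:[REQUEST STRINGS]
<IfModule mod_alias.c>
RedirectMatch 403 (?i)([a-z0-9]{2000})
RedirectMatch 403 (?i)(https?|ftp|php):/
RedirectMatch 403 (?i)(base64_encode)(.*)(\()
RedirectMatch 403 (?i)(=\'|=\%27|/\'/?)\.
RedirectMatch 403 (?i)/(\$(\&)?|\*|\"|\.|,|&|&?)/?$
RedirectMatch 403 (?i)(\{0\}|\(/\(|\.\.\.|\+\+\+|\\"\\")
# Rejects "%" anywhere in the request path, i.e. every percent-encoded URI
# (non-ASCII slugs included). Known 6G trade-off; relax if such URLs are needed.
RedirectMatch 403 (?i)(~|`|<|>|:|;|,|%|\|\s|\{|\}|\[|\]|\|)
RedirectMatch 403 (?i)/(=|\$&|_mm|cgi-|etc/passwd|muieblack)
# NOTE(review): "vti" below may have been "_vti_" in the upstream list (underscores
# lost in rendering); as written it matches any path containing "vti". Verify before relying on it.
RedirectMatch 403 (?i)(&pws=0|vti|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)
# Blocks direct requests for backups, VCS metadata, logs and config dumps by extension.
RedirectMatch 403 (?i)\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf)$
RedirectMatch 403 (?i)/(^$|(wp-)?config|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php
</IfModule>
# 6G:[USER AGENTS]
<IfModule mod_setenvif.c>
SetEnvIfNoCase User-Agent ([a-z0-9]{2000}) bad_bot
SetEnvIfNoCase User-Agent (archive.org|binlar|casper|checkpriv|choppy|clshttp|cmsworld|diavol|dotbot|extract|feedfinder|flicky|g00g1e|harvest|heritrix|httrack|kmccrew|loader|miner|nikto|nutch|planetwork|postrank|purebot|pycurl|python|seekerspider|siclab|skygrid|sqlmap|sucker|turnit|vikspider|winhttp|xxxyy|youda|zmeu|zune) bad_bot
# <Limit> applies only to the listed methods (GET also covers HEAD); any other
# method is not subject to this Deny. The 6G request-method block above forbids
# most of the remaining ones.
<limit GET POST PUT>
Order Allow,Deny
Allow from all
Deny from env=bad_bot
</limit>
</IfModule>
#AIOWPS_SIX_G_BLACKLIST_END
#AIOWPS_FIVE_G_BLACKLIST_START
# 5G BLACKLIST/FIREWALL (2013)
# @ http://perishablepress.com/5g-blacklist-2013/
# 5G and 6G overlap heavily (TRACE/TRACK, etc/passwd, base64_encode ...); both
# are enabled here, so a request may be rejected twice over.
# 5G:[QUERY STRINGS]
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} (\"|%22).*(<|>|%3) [NC,OR]
RewriteCond %{QUERY_STRING} (javascript:).*(\;) [NC,OR]
# ".*" restored on both sides of "script" (transcription had a bare ".").
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3) [NC,OR]
RewriteCond %{QUERY_STRING} (\\|\.\./|`|='$|=%27$) [NC,OR]
# The SQL-keyword list includes "or", "and" and "if": any quote followed later by
# one of those words (e.g. s='word' and more) trips this rule.
RewriteCond %{QUERY_STRING} (\;|'|\"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if) [NC,OR]
RewriteCond %{QUERY_STRING} (base64_encode|localhost|mosconfig) [NC,OR]
RewriteCond %{QUERY_STRING} (boot\.ini|echo.*kae|etc/passwd) [NC,OR]
RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC]
RewriteRule .* - [F]
</IfModule>
# 5G:[USER AGENTS]
<IfModule mod_setenvif.c>
# Left commented upstream: blocking an empty User-Agent also blocks some legitimate tools.
# SetEnvIfNoCase User-Agent ^$ keep_out
SetEnvIfNoCase User-Agent (binlar|casper|cmsworldmap|comodo|diavol|dotbot|feedfinder|flicky|ia_archiver|jakarta|kmccrew|nutch|planetwork|purebot|pycurl|skygrid|sucker|turnit|vikspider|zmeu) keep_out
<limit GET POST PUT>
Order Allow,Deny
Allow from all
Deny from env=keep_out
</limit>
</IfModule>
# 5G:[REQUEST STRINGS]
<IfModule mod_alias.c>
RedirectMatch 403 (https?|ftp|php)\://
RedirectMatch 403 /(https?|ima|ucp)/
RedirectMatch 403 /(Permanent|Better)$
RedirectMatch 403 (\=\\\'|\=\\%27|/\\\'/?|\)\.css\()$
RedirectMatch 403 (\,|\)\+|/\,/|\{0\}|\(/\(|\.\.\.|\+\+\+|\||\\\"\\\")
RedirectMatch 403 \.(cgi|asp|aspx|cfg|dll|exe|jsp|mdb|sql|ini|rar)$
RedirectMatch 403 /(contac|fpw|install|pingserver|register)\.php$
RedirectMatch 403 (base64|crossdomain|localhost|wwwroot|e107\_)
RedirectMatch 403 (eval\(|\_vti\_|\(null\)|echo.*kae|config\.xml)
RedirectMatch 403 \.well\-known/host\-meta
RedirectMatch 403 /function\.array\-rand
RedirectMatch 403 \)\;\$\(this\)\.html\(
RedirectMatch 403 proc/self/environ
RedirectMatch 403 msnbot\.htm\)\.\_
RedirectMatch 403 /ref\.outcontrol
RedirectMatch 403 com\_cropimage
RedirectMatch 403 indonesia\.htm
RedirectMatch 403 \{\$itemURL\}
RedirectMatch 403 function\(\)
RedirectMatch 403 labels\.rdf
RedirectMatch 403 /playing.php
RedirectMatch 403 muieblackcat
</IfModule>
# 5G:[REQUEST METHOD]
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
</IfModule>
#AIOWPS_FIVE_G_BLACKLIST_END
#AIOWPS_BLOCK_SPAMBOTS_START
# Comment POSTs are sent to 127.0.0.1 (dropped on the client side) when the
# referer is not this site OR the User-Agent is empty ([OR] joins those two conds).
# NOTE(review): "www\.domain\.com" is a placeholder - substitute the real hostname
# (and any non-www alias) or every genuine comment is treated as spam.
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_METHOD} POST
# "(.*)" restored at both ends (transcription had "(.)").
RewriteCond %{REQUEST_URI} ^(.*)?wp-comments-post\.php(.*)$
RewriteCond %{HTTP_REFERER} !^http(s)?://www\.domain\.com [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule .* http://127.0.0.1 [L]
</IfModule>
#AIOWPS_BLOCK_SPAMBOTS_END
#AIOWPS_PREVENT_IMAGE_HOTLINKS_START
# 403 for image files requested with a non-empty referer from another host.
# Requests with no referer at all (direct links, privacy-stripped headers) pass.
# Same placeholder hostname caveat as the spambot block above.
# The extension regex "jpe?g?" also matches ".jp" and ".jpe", not only jpg/jpeg.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://www\.domain\.com [NC]
RewriteRule \.(gif|jpe?g?|png)$ - [F,NC,L]
</IfModule>
#AIOWPS_PREVENT_IMAGE_HOTLINKS_END
# END All In One WP Security
# BEGIN WordPress
# Standard WordPress front-controller rewrite: anything that is not an existing
# file or directory is routed to index.php.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress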