Last active
September 27, 2017 10:00
-
-
Save artes-visuales/79b01fe88d2f103dfa94 to your computer and use it in GitHub Desktop.
WordPress Seguridad
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Parametros seguridad de WordPress |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # sin acceso a proc/self/environ | |
| RewriteCond %{QUERY_STRING} proc/self/environ [OR] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # bloquear cualquier script que trate de establecer un valor mosConfig a través de una URL | |
| RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # bloquear cualquier script que trate de colocarte código codificado base64_encode a través de una URL | |
| RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # bloquea cualquier script que incluya la tag <script> en la URL | |
| RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # bloquea cualquier script que trate de establecer la variable PHP GLOBALS a través de una URL | |
| RewriteCond %{QUERY_STRING} GLOBALS(=|[|\%[0-9A-Z]{0,2}) [OR] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # bloquea cualquier script que trate de modificar una variable _REQUEST a través de una URL | |
| RewriteCond %{QUERY_STRING} _REQUEST(=|[|\%[0-9A-Z]{0,2}) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # manda a todas las peticiones bloqueadas a la página principal con un error de 403 Prohibido | |
| RewriteRule ^(.*)$ index.php [F,L] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Evitar la exploración de carpetas. | |
| Options All -Indexes |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Proteger wp-config | |
| <files wp-config.php> | |
| order allow,deny | |
| deny from all | |
| </files> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Optimizar: Activar Specify a cache validator | |
| <ifmodule mod_expires.c> | |
| ExpiresActive On | |
| ExpiresDefault A3600 | |
| <filesmatch ".(jpg|JPG|gif|GIF|png|css|ico|js)$"> | |
| ExpiresDefault "access plus 1 week" | |
| </filesmatch> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Protegiendo el mismo fichero htaccess | |
| <files .htaccess> | |
| order allow,deny | |
| deny from all | |
| </files> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Proteger wp-includes: block the include-only files. | |
| RewriteEngine On | |
| RewriteBase / | |
| RewriteRule ^wp-admin/includes/ - [F,L] | |
| RewriteRule !^wp-includes/ - [S=3] | |
| RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] | |
| RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] | |
| RewriteRule ^wp-includes/theme-compat/ - [F,L] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Proteger los plugins | |
| <Files ~ "\.(js|css)$"> | |
| order allow,deny | |
| allow from all | |
| </Files> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Optimizar info cabeceras: Accept-Encoding header | |
| <IfModule mod_headers.c> | |
| <FilesMatch "\.(js|css|xml|gz)$"> | |
| Header append Vary: Accept-Encoding | |
| </FilesMatch> | |
| </IfModule> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Optimizar: Desactivar ETAG | |
| <ifModule mod_headers.c> | |
| Header unset ETag | |
| </ifModule> | |
| FileETag None |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Optimizar conexiones: Enable Keep-Alive | |
| <ifModule mod_headers.c> | |
| Header set Connection keep-alive | |
| </ifModule> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Optimizar: Enable gzip compression | |
| AddOutputFilterByType DEFLATE text/plain | |
| AddOutputFilterByType DEFLATE text/html | |
| AddOutputFilterByType DEFLATE text/xml | |
| AddOutputFilterByType DEFLATE text/css | |
| AddOutputFilterByType DEFLATE application/xml | |
| AddOutputFilterByType DEFLATE application/xhtml+xml | |
| AddOutputFilterByType DEFLATE application/rss+xml | |
| AddOutputFilterByType DEFLATE application/javascript | |
| AddOutputFilterByType DEFLATE application/x-javascript |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Baneo por IP a HP :-) | |
| <Limit GET POST> | |
| order allow,deny | |
| deny from 100.43.81.9 | |
| allow from all | |
| </Limit> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Bloqueo peticiones xmlrpc.php | |
| <Files xmlrpc.php> | |
| order deny,allow | |
| deny from all | |
| </Files> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # BLOQUEO DE ROBOTS MALICIOSOS | |
| <IfModule mod_setenvif.c> | |
| SetEnvIfNoCase User-Agent ^$ keep_out | |
| SetEnvIfNoCase User-Agent (purebot|comodo|feedfinder) keep_out | |
| SetEnvIfNoCase User-Agent (flicky|ia_archiver|jakarta|kmccrew) keep_out | |
| SetEnvIfNoCase User-Agent (libwww|planetwork|pycurl|skygrid) keep_out | |
| SetEnvIfNoCase User-Agent (casper|cmsworldmap|diavol|dotbot) keep_out | |
| <Limit GET POST PUT> | |
| Order Allow,Deny | |
| Allow from all | |
| Deny from env=keep_out | |
| </Limit> | |
| </IfModule> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # BLOQUEO DE SPAM AUTOMATIZADOS | |
| <IfModule mod_rewrite.c> | |
| RewriteEngine On | |
| RewriteCond %{REQUEST_METHOD} POST | |
| RewriteCond %{HTTP_USER_AGENT} ^$ [OR] | |
| RewriteCond %{HTTP_REFERER} !.*misitio.com.* [NC] | |
| RewriteCond %{REQUEST_URI} /wp\-comments\-post\.php [NC] | |
| RewriteRule .* - [F,NC,L] | |
| </IfModule> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # PROTECCION HOTLINK | |
| <IfModule mod_rewrite.c> | |
| RewriteEngine on | |
| RewriteCond %{HTTP_REFERER} !^$ | |
| RewriteCond %{REQUEST_FILENAME} -f | |
| RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC] | |
| RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?midominio\. [NC] | |
| RewriteRule \.(gif|jpe?g?|png)$ - [F,NC,L] | |
| </IfModule> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #WFCACHECODE - Do not remove this line. Disable Web Caching in Wordfence to remove this data. | |
| <IfModule mod_deflate.c> | |
| AddOutputFilterByType DEFLATE text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon application/json | |
| <IfModule mod_headers.c> | |
| Header append Vary User-Agent env=!dont-vary | |
| </IfModule> | |
| <IfModule mod_mime.c> | |
| AddOutputFilter DEFLATE js css htm html xml | |
| </IfModule> | |
| </IfModule> | |
| <IfModule mod_mime.c> | |
| AddType text/html .html_gzip | |
| AddEncoding gzip .html_gzip | |
| AddType text/xml .xml_gzip | |
| AddEncoding gzip .xml_gzip | |
| </IfModule> | |
| <IfModule mod_setenvif.c> | |
| SetEnvIfNoCase Request_URI \.html_gzip$ no-gzip | |
| SetEnvIfNoCase Request_URI \.xml_gzip$ no-gzip | |
| </IfModule> | |
| <IfModule mod_headers.c> | |
| Header set Vary "Accept-Encoding, Cookie" | |
| </IfModule> | |
| <IfModule mod_rewrite.c> | |
| #Prevents garbled chars in cached files if there is no default charset. | |
| AddDefaultCharset utf-8 | |
| #Cache rules: | |
| RewriteEngine On | |
| RewriteBase / | |
| RewriteCond %{HTTPS} on | |
| RewriteRule .* - [E=WRDFNC_HTTPS:_https] | |
| RewriteCond %{HTTP:Accept-Encoding} gzip | |
| RewriteRule .* - [E=WRDFNC_ENC:_gzip] | |
| RewriteCond %{REQUEST_METHOD} !=POST | |
| RewriteCond %{HTTPS} off | |
| RewriteCond %{QUERY_STRING} ^(?:\d+=\d+)?$ | |
| RewriteCond %{REQUEST_URI} (?:\/|\.html)$ [NC] | |
| RewriteCond %{HTTP_COOKIE} !(comment_author|wp\-postpass|wf_logout|wordpress_logged_in|wptouch_switch_toggle|wpmp_switcher) [NC] | |
| RewriteCond %{REQUEST_URI} \/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)(.*)$ | |
| RewriteCond "%{DOCUMENT_ROOT}/wp-content/wfcache/%{HTTP_HOST}_%1/%2~%3~%4~%5~%6_wfcache%{ENV:WRDFNC_HTTPS}.html%{ENV:WRDFNC_ENC}" -f | |
| RewriteRule \/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)(.*)$ "/wp-content/wfcache/%{HTTP_HOST}_$1/$2~$3~$4~$5~$6_wfcache%{ENV:WRDFNC_HTTPS}.html%{ENV:WRDFNC_ENC}" [L] | |
| </IfModule> | |
| #Do not remove this line. Disable Web caching in Wordfence to remove this data - WFCACHECODE |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # @ https://perishablepress.com/6g/ | |
| # 6G:[QUERY STRINGS] | |
| <IfModule mod_rewrite.c> | |
| RewriteEngine On | |
| RewriteCond %{QUERY_STRING} (eval\() [NC,OR] | |
| RewriteCond %{QUERY_STRING} (127\.0\.0\.1) [NC,OR] | |
| RewriteCond %{QUERY_STRING} ([a-z0-9]{2000}) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (javascript:)(.*)(;) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (base64_encode)(.*)(\() [NC,OR] | |
| RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (<|%3C)(.*)script(.*)(>|%3) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (\\|\.\.\.|\.\./|~|`|<|>|\|) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (boot\.ini|etc/passwd|self/environ) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumb)?)\.php [NC,OR] | |
| RewriteCond %{QUERY_STRING} (\'|\")(.*)(drop|insert|md5|select|union) [NC] | |
| RewriteRule .* - [F] | |
| </IfModule> | |
| # 6G:[REQUEST METHOD] | |
| <IfModule mod_rewrite.c> | |
| RewriteCond %{REQUEST_METHOD} ^(connect|debug|delete|move|put|trace|track) [NC] | |
| RewriteRule .* - [F] | |
| </IfModule> | |
| # 6G:[REFERRERS] | |
| <IfModule mod_rewrite.c> | |
| RewriteCond %{HTTP_REFERER} ([a-z0-9]{2000}) [NC,OR] | |
| RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC] | |
| RewriteRule .* - [F] | |
| </IfModule> | |
| # 6G:[REQUEST STRINGS] | |
| <IfModule mod_alias.c> | |
| RedirectMatch 403 (?i)([a-z0-9]{2000}) | |
| RedirectMatch 403 (?i)(https?|ftp|php):/ | |
| RedirectMatch 403 (?i)(base64_encode)(.*)(\() | |
| RedirectMatch 403 (?i)(=\\\'|=\\%27|/\\\'/?)\. | |
| RedirectMatch 403 (?i)/(\$(\&)?|\*|\"|\.|,|&|&?)/?$ | |
| RedirectMatch 403 (?i)(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\") | |
| RedirectMatch 403 (?i)(~|`|<|>|:|;|,|%|\\|\s|\{|\}|\[|\]|\|) | |
| RedirectMatch 403 (?i)/(=|\$&|_mm|cgi-|etc/passwd|muieblack) | |
| RedirectMatch 403 (?i)(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ) | |
| RedirectMatch 403 (?i)\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf)$ | |
| RedirectMatch 403 (?i)/(^$|(wp-)?config|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php | |
| </IfModule> | |
| # 6G:[USER AGENTS] | |
| <IfModule mod_setenvif.c> | |
| SetEnvIfNoCase User-Agent ([a-z0-9]{2000}) bad_bot | |
| SetEnvIfNoCase User-Agent (archive.org|binlar|casper|checkpriv|choppy|clshttp|cmsworld|diavol|dotbot|extract|feedfinder|flicky|g00g1e|harvest|heritrix|httrack|kmccrew|loader|miner|nikto|nutch|planetwork|postrank|purebot|pycurl|python|seekerspider|siclab|skygrid|sqlmap|sucker|turnit|vikspider|winhttp|xxxyy|youda|zmeu|zune) bad_bot | |
| # Apache < 2.3 | |
| <IfModule !mod_authz_core.c> | |
| Order Allow,Deny | |
| Allow from all | |
| Deny from env=bad_bot | |
| </IfModule> | |
| # Apache >= 2.3 | |
| <IfModule mod_authz_core.c> | |
| <RequireAll> | |
| Require all Granted | |
| Require not env bad_bot | |
| </RequireAll> | |
| </IfModule> | |
| </IfModule> | |
| # 6G:[BAD IPS] | |
| <Limit GET HEAD OPTIONS POST PUT> | |
| Order Allow,Deny | |
| Allow from All | |
| # uncomment/edit/repeat next line to block IPs | |
| # Deny from 123.456.789 | |
| </Limit> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment