Last active
November 8, 2022 22:57
Hardening WordPress sites
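# Site-root .htaccess for a WordPress install.
# Access control is written for Apache 2.4 (mod_authz_core, "Require ...") with
# an Apache 2.2 fallback ("Order"/"Deny"). On 2.4 the old directives only work
# when mod_access_compat is loaded, so relying on them alone can fail.

# Block the include-only files.
# These PHP files are loaded by WordPress itself and are not meant to be
# requested directly; every match is answered with 403 Forbidden.
# If mod_rewrite is not loaded this whole section is silently skipped, so
# confirm the module is enabled.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
# Requests outside wp-includes/ skip the next three rules ([S=3]). Keep the
# skip count equal to the number of wp-includes rules that follow.
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

# Protect config
# wp-config.php holds the database credentials and the authentication keys and
# salts, so it must never be served, even if PHP handling breaks and the file
# would be sent as plain text.
<Files "wp-config.php">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>

# Block access to .inc files sitewide
# .inc files are normally not handed to the PHP handler, so a direct request
# would return their source.
<FilesMatch "\.inc$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# Protect WP Login
# Adds HTTP Basic authentication in front of the WordPress login form.
# - Basic credentials are only base64-encoded and are sent with every request:
#   serve the login page over HTTPS only.
# - Keep the AuthUserFile outside the document root, readable by the web server
#   user only, and create its entries with a strong hash (htpasswd -B).
# - <Files> matches the exact file name. An unanchored regex such as
#   <FilesMatch "wp-login.php"> also matches any file name that merely contains
#   that text, and its "." matches any character.
# - The two ErrorDocument lines apply to the whole directory, not only to the
#   login page.
ErrorDocument 401 "Unauthorized Access"
ErrorDocument 403 "Forbidden"
<Files "wp-login.php">
    AuthName "Authorized Access Only"
    AuthType Basic
    AuthUserFile /home/.htpasswd
    Require valid-user
</Files>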
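# .htaccess for the uploads directory
# Kill PHP execution
# The uploads directory is writable through the application, so nothing in it
# should ever be served as a script. This denies HTTP access to files whose
# final extension is one commonly mapped to PHP (php, php3..php8, pht, phtml,
# phar), in any letter case.
# Limits to be aware of:
# - Only the last extension is tested; a name with a PHP extension in the
#   middle is not covered, and whether such a file is executed depends on how
#   the server maps the PHP handler.
# - Access is denied, but the PHP handler stays enabled. Where the server or
#   vhost configuration can be changed, also switch the handler off for this
#   directory and do not allow .htaccess overrides from inside it.
<FilesMatch "(?i)\.ph(?:p[0-9]?|t|tml|ar)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>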
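<?php
/*
 * wp-config.php hardening fragment.
 *
 * Sets filesystem permissions for files WordPress writes, pins the site URLs,
 * moves the content, plugin and uploads directories away from their default
 * names, disables the in-dashboard file editor and enables core auto-updates.
 * Replace SITENAME.XX with the real host name.
 */

/*
 * Override of default file permissions.
 * Directories 0755 and files 0644, further restricted by the process umask, so
 * nothing WordPress creates is group- or world-writable.
 */
define( 'FS_CHMOD_DIR', ( 0755 & ~ umask() ) );
define( 'FS_CHMOD_FILE', ( 0644 & ~ umask() ) );

/*
 * Define home.
 * Hard-coding both URLs stops them from being changed through the database or
 * the dashboard. Switch the scheme to https:// once TLS is configured, so that
 * logins and cookies are not sent in clear text.
 */
define( 'WP_HOME', 'http://SITENAME.XX' );
define( 'WP_SITEURL', 'http://SITENAME.XX' );

/*
 * Set the new content directory instead of wp-content.
 * The URL is derived from WP_HOME, not from $_SERVER['HTTP_HOST']: the Host
 * header is supplied by the client, so building asset URLs from it lets a
 * request with a forged Host place an arbitrary host name into generated (and
 * possibly cached) pages. HTTP_HOST is also unset when WordPress runs from the
 * command line.
 */
define( 'WP_CONTENT_DIR', __DIR__ . '/assets' );
define( 'WP_CONTENT_URL', WP_HOME . '/assets' );

/* Set the new plugin directory (same reasoning for the URL as above). */
define( 'WP_PLUGIN_DIR', __DIR__ . '/plugins' );
define( 'WP_PLUGIN_URL', WP_HOME . '/plugins' );

/* Set the uploads directory (path relative to the WordPress root). */
define( 'UPLOADS', 'assets/uploads' );

/*
 * Disallow file edit.
 * Removes the theme and plugin editors from wp-admin, so a compromised admin
 * account cannot change PHP files through the dashboard.
 */
define( 'DISALLOW_FILE_EDIT', true );

/* Auto update core: true enables all core updates, major releases included. */
define( 'WP_AUTO_UPDATE_CORE', true );

/* That's all, happy blogging! */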