@cdsalmons
Last active December 14, 2022 09:41
Base htaccess rules
# v2 7/29/2015
# prevent listing files in folders
# (turns off mod_autoindex directory listings: a directory with no index file
# is refused instead of having its contents enumerated)
Options -Indexes
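# some security rules
# NOTE: this whole section is wrapped in <IfModule mod_rewrite.c>; if the module
# is not loaded Apache silently skips it and NONE of the rules below apply,
# including the no-PHP-in-uploads rule. Verify mod_rewrite is active on the host.
<IfModule mod_rewrite.c>
RewriteEngine On
# prevent php execution in uploads
# [NC] is required: AddHandler/AddType extension matching is case-insensitive, so
# "shell.PHP" would still run as PHP while slipping past a case-sensitive pattern.
# .phtml and .phar are also mapped to the PHP handler on many distributions, so
# they are denied as well. The pattern is unanchored on purpose, so "x.php.jpg"
# and "x.php5" are caught too.
RewriteRule /uploads/.*\.(php|phtml|phar) - [NC,F]
# login and signup page protection -- thanks to BulletProof Security
# reject spambots, hackerbots & proxies that use server protocol HTTP/1.0 or a blank user agent
# (conditions read as: URI matches AND (blank UA OR HTTP/1.0 OR HTTP/1.0))
# CAVEAT: a reverse proxy or load balancer that speaks HTTP/1.0 to this origin
# makes wp-login.php unreachable for everyone; check SERVER_PROTOCOL in the
# access log before relying on this behind a proxy.
RewriteCond %{REQUEST_URI} /wp-(login|signup)\.php
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
RewriteRule . - [F]
# Rules to help reduce spam
# comment POSTs over HTTP/1.0 are refused; the referer/UA checks are left
# disabled because Jetpack and some browsers post comments without a referer
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} /wp-comments-post\.php
#RewriteCond %{HTTP_REFERER} !^.*com.*
#RewriteCond %{HTTP_REFERER} !^http://jetpack\.wordpress\.com/jetpack-comment/ [OR]
#RewriteCond %{HTTP_USER_AGENT} ^$
RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
RewriteRule . - [F]
# xmlrpc.php (pingbacks, but also mobile apps): this is NOT a full block of the
# XML-RPC API -- only HTTP/1.0 requests are refused, plus blank user agents if
# the optional line below is uncommented. HTTP/1.1 clients still get through.
RewriteCond %{REQUEST_URI} /xmlrpc\.php
# uncomment next line to block bots with no user agent (browser version string)
#RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
RewriteRule . - [F]
# common vulnerabilities not permitted, scripts not found in WordPress
# CAVEAT: any request path ending in these names is refused, so a plugin or
# theme that legitimately ships e.g. a register.php or login.php will 403.
RewriteCond %{REQUEST_URI} /(login\.php|hello\.php|register\.php|tiki-register\.php|doku\.php|signup\.php|reg\.asp|Class/Post\.asp|post\.asp)$
RewriteRule . - [F]
# spam botnet mounting some sort of attack
# @link http://webmasters.stackexchange.com/q/58871/38641
RewriteCond %{REQUEST_URI} /RK=0/RS=
RewriteRule . - [F]
# Stop Crawler Spam
# Referer is client-supplied, so this only keeps known referrer-spam domains out
# of logs and analytics; it is noise reduction, not an access control.
RewriteCond %{HTTP_REFERER} semalt\.com [NC,OR]
RewriteCond %{HTTP_REFERER} 100dollars\-seo\.com [NC,OR]
RewriteCond %{HTTP_REFERER} best\-seo\-solution\.com [NC,OR]
RewriteCond %{HTTP_REFERER} buttons\-for\-your\-website\.com [NC,OR]
RewriteCond %{HTTP_REFERER} forum69\.info [NC,OR]
RewriteCond %{HTTP_REFERER} buttons\-for\-website\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ranksonic\.com [NC,OR]
RewriteCond %{HTTP_REFERER} 7makemoneyonline\.com [NC,OR]
RewriteCond %{HTTP_REFERER} sharebutton\.net [NC,OR]
RewriteCond %{HTTP_REFERER} sitevaluation\.org [NC,OR]
RewriteCond %{HTTP_REFERER} dailyrank\.net [NC,OR]
RewriteCond %{HTTP_REFERER} videos\-for\-your\-business\.com [NC,OR]
RewriteCond %{HTTP_REFERER} semaltmedia\.com [NC,OR]
RewriteCond %{HTTP_REFERER} best\-seo\-offer\.com [NC]
RewriteRule .* - [F]
# Block attackers by agents
# Answered with a plain 403 like every other rule in this file (the earlier
# version redirected the client to http://%{REMOTE_ADDR}/, which was
# inconsistent and pointless for automated clients).
RewriteCond %{HTTP_USER_AGENT} WinHttp\.WinHttpRequest\.5
RewriteRule .* - [F]
</IfModule>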
# set correct mime types for some files
# NOTE(review): these are the pre-RFC 8081 font types (RFC 8081 registers
# font/woff, font/ttf, font/otf). If they are modernised, the mod_deflate and
# mod_expires lists further down must be updated to the same names, otherwise
# the fonts silently drop out of compression and caching.
AddType image/svg+xml .svg
AddType application/font-woff .woff
AddType application/x-font-ttf .ttf
AddType application/vnd.ms-fontobject .eot
AddType application/octet-stream .otf
AddType text/x-component .htc
# compress text, javascript, css, xml, fonts:
# .woff is not listed: the format is already compressed, so DEFLATE would gain nothing.
# NOTE(review): compressing text/html over TLS exposes pages that echo
# request-controlled input next to per-session secrets (CSRF tokens) to
# compression-oracle (BREACH-type) attacks; consider excluding authenticated
# HTML responses if that applies to this site.
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/plain text/css text/javascript text/x-component
AddOutputFilterByType DEFLATE application/xml application/rss+xml application/javascript application/x-javascript application/json
AddOutputFilterByType DEFLATE application/x-font-ttf application/vnd.ms-fontobject image/svg+xml
</IfModule>
# long expiry for javascript, css, images, fonts:
# text/html is not listed, so pages get no far-future expiry from this block.
# CAVEAT: with a one-month expiry, CSS/JS changes only reach returning visitors
# if the asset URL changes on deploy (versioned filename or query string);
# otherwise they keep running the stale copy for up to a month.
# The type names here must match the AddType section above
# (application/font-woff, application/x-font-ttf, application/vnd.ms-fontobject).
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/svg+xml "access plus 1 month"
ExpiresByType text/css "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/x-javascript "access plus 1 month"
ExpiresByType application/font-woff "access plus 1 month"
ExpiresByType application/x-font-ttf "access plus 1 month"
ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
</IfModule>