Created
October 29, 2016 00:13
Wordpress Security Tricks and Browser Cache on htaccess
##### Wordpress security BEGIN ##### | |
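## Disable directory browsing
# Only the Indexes option is switched off here. A bare "All" must not be
# combined with a +/- prefixed option: Apache 2.4 rejects the mixed form, and
# "All" would also turn on ExecCGI and Includes for the whole tree.
# Requires "AllowOverride Options" (or All) when used from .htaccess.
Options -Indexes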
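## Protect wp-config.php (it holds the database credentials and secret keys)
<Files "wp-config.php">
    # Apache 2.4 and later: native authorization syntax.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2: legacy Order/Deny syntax, used only when mod_authz_core is absent.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>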
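## Protect .htaccess and .htpasswd files
# The pattern matches any file name containing ".hta" or ".htp" (any letter
# case), so a password file that ends up under the document root is refused
# as well as the .htaccess file itself.
<FilesMatch "^.*\.[Hh][Tt][AaPp]">
    # Apache 2.4 and later: native authorization syntax.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2: legacy Order/Deny syntax, used only when mod_authz_core is absent.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>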
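## Prevent image hotlinking. Replace the last URL with any image link you want.
# The Referer header is chosen by the client, so this rule saves bandwidth but
# is not an access control for the images.
<IfModule mod_rewrite.c>
    RewriteEngine On
    # Requests that carry no Referer at all (direct visits, privacy tools) pass.
    RewriteCond %{HTTP_REFERER} !^$
    # Requests coming from our own pages pass. The dot is escaped and the host
    # name must be followed by "/", ":" or the end of the string, so look-alike
    # hosts such as "mydomain.com.example.net" are not treated as our own.
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?mydomain\.com(/|:|$) [NC]
    # If the replacement image is served by this same site, uncomment the next
    # line (adjusting the file name) so it is not redirected to itself:
    # RewriteCond %{REQUEST_URI} !/myimage\.jpg$ [NC]
    # Everyone else is redirected to a custom image.
    RewriteRule \.(jpg|jpeg|png|gif)$ http://www.somedomain.com/myimage.jpg [NC,R,L]
</IfModule>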
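## Set up browser caching
# Lifetimes are counted from the moment the client fetches the resource ("access").
<IfModule mod_expires.c>
    ExpiresActive On

    # Images
    ExpiresByType image/jpg "access 1 year"
    ExpiresByType image/jpeg "access 1 year"
    ExpiresByType image/gif "access 1 year"
    ExpiresByType image/png "access 1 year"
    ExpiresByType image/x-icon "access 1 year"

    # Stylesheets, documents and scripts
    ExpiresByType text/css "access 1 month"
    ExpiresByType application/pdf "access 1 month"
    # text/x-javascript is a legacy type; the two types below are the ones
    # JavaScript is normally served with, so they get the same lifetime.
    ExpiresByType text/x-javascript "access 1 month"
    ExpiresByType application/javascript "access 1 month"
    ExpiresByType text/javascript "access 1 month"
    ExpiresByType application/x-shockwave-flash "access 1 month"

    # Everything not listed above. This also covers responses that do not send
    # their own Expires header, which can include generated HTML pages; check
    # that logged-in and other per-user pages send their own cache headers
    # before relying on this default.
    ExpiresDefault "access 2 days"
</IfModule>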
## Block direct requests for the include-only files.
# These PHP files are meant to be loaded by WordPress itself, not fetched by URL.
# [F] answers 403 Forbidden and implies [L], so no later rule runs for the request.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /

    RewriteRule ^wp-admin/includes/ - [F]

    # Skip the next three rules when the path is not under wp-includes/.
    # The count must stay equal to the number of wp-includes rules that follow.
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
    RewriteRule ^wp-includes/theme-compat/ - [F]
</IfModule>
## Protect the login page with a second password (HTTP Basic authentication)
# Basic credentials are only base64-encoded on the wire, so serve this over HTTPS.
# The password file should live outside the document root.
# Only file names matching "wp-login.php" are covered; other endpoints that
# accept WordPress credentials (xmlrpc.php, for instance) need their own rule.
<FilesMatch "wp-login.php">
    AuthType Basic
    AuthName "restricted area"
    AuthUserFile /var/www/.htpasswd
    Require valid-user
</FilesMatch>
##### Wordpress security END ##### |
## Protect the wp-admin directory from the Apache vhost config
# Everything under wp-admin asks for the Basic-auth password, including
# admin-ajax.php, which some themes and plugins call from public pages.
# Basic credentials are only base64-encoded on the wire, so serve this over HTTPS.
<Directory "/var/www/html/wp-admin">
    AuthType Basic
    AuthName "Área Restrita"
    AuthUserFile /var/www/.htpasswd
    Require valid-user
</Directory>