Improve WordPress security
# Enable .htpasswd authentication (Apache 2.4 <If> syntax). Basic auth sends the
# credentials base64-encoded on every request, so only enable it on HTTPS, and
# keep the .htpasswd file outside the document root. As written the block is
# not scoped to a path, so at the site root it would prompt for the whole site,
# not just the dashboard; scope it (e.g. a wp-admin/.htaccess or <Files
# wp-login.php>) and keep in mind that wp-admin/admin-ajax.php is also called
# by front-end code, which a prompt would break.
# <If "%{HTTP_HOST} != 'dev'">
# AuthType Basic
# AuthName "Login to dashboard"
# AuthUserFile /path/to/.htpasswd
# Require valid-user
# </If>
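# Deny access to all .htaccess / .htpasswd files. The pattern is deliberately
# unanchored so editor and backup copies (.htaccess.bak, .htpasswd~) are
# covered too; [Hh][Tt][Aa] keeps it case-insensitive.
# Both the 2.4 (mod_authz_core) and the 2.2 / mod_access_compat forms are
# given so the block works on either server generation. Note that the rest of
# this file mixes 2.4-only <If> with 2.2-style Order/Deny, which on 2.4 only
# works while mod_access_compat is loaded.
<FilesMatch "\.[Hh][Tt][Aa]">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
        Satisfy all
    </IfModule>
</FilesMatch>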
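# Deny access to wp-config.php and to any copy of it (wp-config.php.bak,
# wp-config.php~, .wp-config.php.swp ...). Such copies are typically not mapped
# to the PHP handler, so without this they would be served as plain text,
# database credentials included. The original <files wp-config.php> only
# matched the exact name.
<FilesMatch "wp-config\.php">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>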
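# Disable directory browsing. Only the "-Indexes" form is valid here: Apache
# rejects a mix of bare and +/- prefixed options, so "Options ALL -Indexes" is
# a syntax error, which in an .htaccess means a 500 for the whole directory.
# "All" would also have switched on ExecCGI and Includes (SSI), neither of
# which a WordPress document root needs.
Options -Indexes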
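# Disable access to all file types except the following.
# DISABLED: with "Deny from all" at the site root every request that is not in
# the allow-list is refused, and .php is not in it, so index.php, wp-login.php
# and admin-ajax.php all return 403 and the site is dead. The allow-list only
# makes sense in a directory that must never serve PHP (e.g. a separate
# wp-content/uploads/.htaccess), and even there a deny-list of executable
# extensions is usually the better choice, because this list also blocks
# webp, svg, mp4 and other legitimate upload types. The dot in the pattern
# was also unescaped (".xml" matched any character before "xml").
# Order deny,allow
# Deny from all
# <Files ~ "\.(xml|css|js|jpe?g|png|gif|pdf|docx|rtf|odf|zip|rar)$">
# Allow from all
# </Files>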
# Block wp-includes folder and files (the standard WordPress hardening set).
# Order matters: the [S=3] rule skips the next three rules for any request
# outside wp-includes/, so adding another wp-includes rule after it requires
# bumping that count.
<IfModule mod_rewrite.c>
RewriteEngine On
# NOTE(review): must match the install path; subdirectory installs need
# RewriteBase /subdir/
RewriteBase /
# wp-admin/includes/ holds library code that is never requested directly
RewriteRule ^wp-admin/includes/ - [F,L]
# not under wp-includes/ -> skip the three wp-includes rules below
RewriteRule !^wp-includes/ - [S=3]
# NOTE(review): on multisite this is reported to also block
# wp-includes/ms-files.php, which serves uploaded media there; verify
# before enabling on a network install
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
# Prevent image hotlinking. Replace the last URL with any image link you want
# (it is served from a third-party host you do not control; prefer an image on
# your own domain). This relies on the Referer header, which is trivially
# spoofed or omitted, and the "!^$" condition deliberately lets blank-referer
# requests through, so treat it as a nuisance filter, not access control.
# The dot in the domain must be escaped or it matches any character.
# <IfModule mod_rewrite.c>
# RewriteEngine on
# RewriteCond %{HTTP_REFERER} !^$
# RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourwebsite\.com [NC]
# RewriteRule \.(jpg|jpeg|png|gif)$ http://i.imgur.com/MlQAH71.jpg [NC,R,L]
# </IfModule>
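# Setup browser caching. mod_expires adds Expires / Cache-Control: max-age to
# responses that do not already carry them. Year-long lifetimes on images are
# only safe when filenames change with content (WordPress media is immutable
# per filename, so that holds for uploads).
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpg "access 1 year"
    ExpiresByType image/jpeg "access 1 year"
    ExpiresByType image/gif "access 1 year"
    ExpiresByType image/png "access 1 year"
    ExpiresByType image/x-icon "access 1 year"
    ExpiresByType text/css "access 1 month"
    # .js is served as application/javascript by Apache's default mime.types
    # (text/javascript on some setups); text/x-javascript alone matched no
    # response, so scripts were never cached by this rule
    ExpiresByType application/javascript "access 1 month"
    ExpiresByType text/javascript "access 1 month"
    ExpiresByType text/x-javascript "access 1 month"
    ExpiresByType application/pdf "access 1 month"
    ExpiresByType application/x-shockwave-flash "access 1 month"
    # NOTE(review): the default also covers text/html and JSON responses that
    # WordPress emits without its own cache headers (anonymous page views), so
    # visitors may see pages up to two days stale; shorten or drop it if that
    # is not acceptable
    ExpiresDefault "access 2 days"
</IfModule>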
# Restrict PHP file execution in the uploads directory.
# NOTE: <Directory> is only permitted in the main server / virtual-host
# configuration, not in .htaccess, so uncommenting this here would produce a
# 500. Put just the <Files> part in its own wp-content/uploads/.htaccess
# instead, and consider <FilesMatch "\.(php|phtml|php[0-9]|phar)$"> if the
# server maps those extensions to PHP as well.
# <Directory "/var/www/wp-content/uploads/">
# <Files "*.php">
# Order Deny,Allow
# Deny from All
# </Files>
# </Directory>
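# Protect site against script injections. This is a crude signature filter on
# the query string: it only catches payloads that literally contain
# "<...script...>" or the strings GLOBALS / _REQUEST, so it is no substitute
# for input validation and output escaping in the application, and it can 403
# legitimate requests (e.g. a search for "<script>").
# FollowSymLinks (or SymLinksIfOwnerMatch) is required for mod_rewrite to work
# in a per-directory context.
Options +FollowSymLinks
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
    # "[" must be escaped: unescaped, "[|%[0-9A-Z]{0,2}" is a character class
    # quantified {0,2}, which also matches the empty string, so the original
    # fired on "GLOBALS" / "_REQUEST" anywhere in the query string. The
    # backslashes were evidently lost in transit (compare "author=d" below).
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    # [F] ignores the substitution, so "-" says so explicitly
    RewriteRule ^ - [F,L]
</IfModule>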
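# Prevent username enumeration via /?author=N: WordPress answers that with a
# redirect to the author archive, whose URL contains the login name.
# The original pattern "author=d" matched the literal letter d, so ?author=1
# was never redirected; "\d" is the digit class that was intended.
# This only closes the ?author=N vector; usernames may still be exposed by
# other endpoints (e.g. the REST API users route), which need separate
# handling.
<IfModule mod_rewrite.c>
    RewriteEngine On
    # keep wp-admin usable: its post lists are filtered with ?author=N
    # (adjust the prefix for subdirectory installs)
    RewriteCond %{REQUEST_URI} !^/wp-admin/ [NC]
    # (^|&) anchors to a parameter boundary so e.g. ?coauthor=1 is untouched
    RewriteCond %{QUERY_STRING} (^|&)author=\d
    RewriteRule ^ /? [L,R=301]
</IfModule>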
# Require SSL. SSLRequire is deprecated in Apache 2.4 (use "Require expr"), and
# ErrorDocument with a full URL answers the 403 with a redirect that drops the
# originally requested path. A plainer way to force HTTPS is a rewrite:
#   RewriteCond %{HTTPS} off
#   RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# ideally paired with a Strict-Transport-Security header once HTTPS is stable.
# (The two host names below originally differed, "you-site.com" vs
# "your-site.com"; they must be the same domain.)
# SSLOptions +StrictRequire
# SSLRequireSSL
# SSLRequire %{HTTP_HOST} eq "www.your-site.com"
# ErrorDocument 403 https://www.your-site.com