indysigner/.htaccess

## .htaccess
# ----------------------------------------------------------------------
# | Komprimierung und Caching                                                    |
# ----------------------------------------------------------------------

# Serve resources with far-future expires headers.
#
# (!) If you don't control versioning with filename-based
# cache busting, you should consider lowering the cache times
# to something like one week.
#
# https://httpd.apache.org/docs/current/mod/mod_expires.html

<IfModule mod_expires.c>
    ExpiresActive on
    ExpiresDefault                                      "access plus 1 month"

  # CSS
    ExpiresByType text/css                              "access plus 1 year"

  # Data interchange
    ExpiresByType application/atom+xml                  "access plus 1 hour"
    ExpiresByType application/rdf+xml                   "access plus 1 hour"
    ExpiresByType application/rss+xml                   "access plus 1 hour"

    ExpiresByType application/json                      "access plus 0 seconds"
    ExpiresByType application/ld+json                   "access plus 0 seconds"
    ExpiresByType application/schema+json               "access plus 0 seconds"
    ExpiresByType application/vnd.geo+json              "access plus 0 seconds"
    ExpiresByType application/xml                       "access plus 0 seconds"
    ExpiresByType text/xml                              "access plus 0 seconds"

  # Favicon (cannot be renamed!) and cursor images
    ExpiresByType image/vnd.microsoft.icon              "access plus 1 week"
    ExpiresByType image/x-icon                          "access plus 1 week"

  # HTML - Behält die Website eine Stunde im Cache, neues wird erst nach Ablauf einer Stunde
  # angezeigt. Wenn nicht gewuenscht, bei 3600 eine Null eintragen
    ExpiresByType text/html                             "access plus 3600 seconds"

  # JavaScript
    ExpiresByType application/javascript                "access plus 1 year"
    ExpiresByType application/x-javascript              "access plus 1 year"
    ExpiresByType text/javascript                       "access plus 1 year"

  # Manifest files
    ExpiresByType application/manifest+json             "access plus 1 week"
    ExpiresByType application/x-web-app-manifest+json   "access plus 0 seconds"
    ExpiresByType text/cache-manifest                   "access plus 0 seconds"

  # Media files
    ExpiresByType audio/ogg                             "access plus 1 month"
    ExpiresByType image/bmp                             "access plus 1 month"
    ExpiresByType image/gif                             "access plus 1 month"
    ExpiresByType image/jpeg                            "access plus 1 month"
    ExpiresByType image/png                             "access plus 1 month"
    ExpiresByType image/svg+xml                         "access plus 1 month"
    ExpiresByType image/webp                            "access plus 1 month"
    ExpiresByType video/mp4                             "access plus 1 month"
    ExpiresByType video/ogg                             "access plus 1 month"
    ExpiresByType video/webm                            "access plus 1 month"

  # Web fonts

    # Embedded OpenType (EOT)
    ExpiresByType application/vnd.ms-fontobject         "access plus 1 month"
    ExpiresByType font/eot                              "access plus 1 month"

    # OpenType
    ExpiresByType font/opentype                         "access plus 1 month"

    # TrueType
    ExpiresByType application/x-font-ttf                "access plus 1 month"

    # Web Open Font Format (WOFF) 1.0
    ExpiresByType application/font-woff                 "access plus 1 month"
    ExpiresByType application/x-font-woff               "access plus 1 month"
    ExpiresByType font/woff                             "access plus 1 month"

    # Web Open Font Format (WOFF) 2.0
    ExpiresByType application/font-woff2                "access plus 1 month"

  # Other
    ExpiresByType text/x-cross-domain-policy            "access plus 1 week"
</IfModule>

<IfModule mod_deflate.c>
# Insert filters / compress text, html, javascript, css, xml:
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/vtt
AddOutputFilterByType DEFLATE text/x-component
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/js
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/x-httpd-php
AddOutputFilterByType DEFLATE application/x-httpd-fastphp
AddOutputFilterByType DEFLATE application/atom+xml
AddOutputFilterByType DEFLATE application/json
AddOutputFilterByType DEFLATE application/ld+json
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-web-app-manifest+json
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon

# Exception: Images
SetEnvIfNoCase REQUEST_URI \.(?:gif|jpg|jpeg|png|svg)$ no-gzip dont-vary

# Drop problematic browsers
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html

# Make sure proxies don't deliver the wrong content
Header append Vary User-Agent env=!dont-vary
</IfModule>

#Alternative caching using Apache's "mod_headers", if it's installed.
#Caching of common files - ENABLED
<IfModule mod_headers.c>
<FilesMatch "\.(ico|pdf|flv|swf|js|css|gif|png|jpg|jpeg|txt)$">
Header set Cache-Control "max-age=2592000, public"
</FilesMatch>
</IfModule>

<IfModule mod_headers.c>
  <FilesMatch "\.(js|css|xml|gz)$">
    Header append Vary Accept-Encoding
  </FilesMatch>
</IfModule>

# Set Keep Alive Header
<IfModule mod_headers.c>
    Header set Connection keep-alive
</IfModule>

# If your server don't support ETags deactivate with "None" (and remove header)
<IfModule mod_expires.c>
  <IfModule mod_headers.c>
    Header unset ETag
  </IfModule>
  FileETag None
</IfModule>

# ----------------------------------------------------------------------
# | 7g Firewall für Sicherheit - HIER NICHTS AENDERN, ANSONSTEN IST DIE WEBSITE ANGREIFBAR
# ----------------------------------------------------------------------

# 7G FIREWALL v1.2 20190727
# @ https://perishablepress.com/7g-firewall/

# 7G:[QUERY STRING]
<IfModule mod_rewrite.c>

	RewriteCond %{REQUEST_URI} !(7g_log.php) [NC]

	RewriteCond %{QUERY_STRING} ([a-z0-9]{2000,}) [NC,OR]
	RewriteCond %{QUERY_STRING} (/|%2f)(:|%3a)(/|%2f) [NC,OR]
	RewriteCond %{QUERY_STRING} (/|%2f)(\*|%2a)(\*|%2a)(/|%2f) [NC,OR]
	RewriteCond %{QUERY_STRING} (~|`|<|>|\^|\|\\|0x00|%00|%0d%0a) [NC,OR]
	RewriteCond %{QUERY_STRING} (cmd|command)(=|%3d)(chdir|mkdir)(.*)(x20) [NC,OR]
	RewriteCond %{QUERY_STRING} (fck|ckfinder|fullclick|ckfinder|fckeditor) [NC,OR]
	RewriteCond %{QUERY_STRING} (/|%2f)((wp-)?config)((\.|%2e)inc)?((\.|%2e)php) [NC,OR]
	RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumbs?)?)((\.|%2e)php) [NC,OR]
	RewriteCond %{QUERY_STRING} (absolute_|base|root_)(dir|path)(=|%3d)(ftp|https?) [NC,OR]
	RewriteCond %{QUERY_STRING} (localhost|loopback|127(\.|%2e)0(\.|%2e)0(\.|%2e)1) [NC,OR]
	RewriteCond %{QUERY_STRING} (\.|20)(get|the)(_|%5f)(permalink|posts_page_url)(\(|%28) [NC,OR]
	RewriteCond %{QUERY_STRING} (s)?(ftp|http|inurl|php)(s)?(:(/|%2f|%u2215)(/|%2f|%u2215)) [NC,OR]
	RewriteCond %{QUERY_STRING} (globals|mosconfig([a-z_]{1,22})|request)(=|\[|%[a-z0-9]{0,2}) [NC,OR]
	RewriteCond %{QUERY_STRING} ((boot|win)((\.|%2e)ini)|etc(/|%2f)passwd|self(/|%2f)environ) [NC,OR]
	RewriteCond %{QUERY_STRING} (((/|%2f){3,3})|((\.|%2e){3,3})|((\.|%2e){2,2})(/|%2f|%u2215)) [NC,OR]
	RewriteCond %{QUERY_STRING} (benchmark|char|exec|fopen|function|html)(.*)(\(|%28)(.*)(\)|%29) [NC,OR]
	RewriteCond %{QUERY_STRING} (php)([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}) [NC,OR]
	RewriteCond %{QUERY_STRING} (e|%65|%45)(v|%76|%56)(a|%61|%31)(l|%6c|%4c)(.*)(\(|%28)(.*)(\)|%29) [NC,OR]
	RewriteCond %{QUERY_STRING} (/|%2f)(=|%3d|$&|_mm|cgi(\.|-)|inurl(:|%3a)(/|%2f)|(mod|path)(=|%3d)(\.|%2e)) [NC,OR]
	RewriteCond %{QUERY_STRING} (<|%3c)(.*)(e|%65|%45)(m|%6d|%4d)(b|%62|%42)(e|%65|%45)(d|%64|%44)(.*)(>|%3e) [NC,OR]
	RewriteCond %{QUERY_STRING} (<|%3c)(.*)(i|%69|%49)(f|%66|%46)(r|%72|%52)(a|%61|%41)(m|%6d|%4d)(e|%65|%45)(.*)(>|%3e) [NC,OR]
	RewriteCond %{QUERY_STRING} (<|%3c)(.*)(o|%4f|%6f)(b|%62|%42)(j|%4a|%6a)(e|%65|%45)(c|%63|%43)(t|%74|%54)(.*)(>|%3e) [NC,OR]
	RewriteCond %{QUERY_STRING} (<|%3c)(.*)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(.*)(>|%3e) [NC,OR]
	RewriteCond %{QUERY_STRING} (\+|%2b|%20)(d|%64|%44)(e|%65|%45)(l|%6c|%4c)(e|%65|%45)(t|%74|%54)(e|%65|%45)(\+|%2b|%20) [NC,OR]
	RewriteCond %{QUERY_STRING} (\+|%2b|%20)(i|%69|%49)(n|%6e|%4e)(s|%73|%53)(e|%65|%45)(r|%72|%52)(t|%74|%54)(\+|%2b|%20) [NC,OR]
	RewriteCond %{QUERY_STRING} (\+|%2b|%20)(s|%73|%53)(e|%65|%45)(l|%6c|%4c)(e|%65|%45)(c|%63|%43)(t|%74|%54)(\+|%2b|%20) [NC,OR]
	RewriteCond %{QUERY_STRING} (\+|%2b|%20)(u|%75|%55)(p|%70|%50)(d|%64|%44)(a|%61|%41)(t|%74|%54)(e|%65|%45)(\+|%2b|%20) [NC,OR]
	RewriteCond %{QUERY_STRING} (\\x00|(\"|%22|\'|%27)?0(\"|%22|\'|%27)?(=|%3d)(\"|%22|\'|%27)?0|cast(\(|%28)0x|or%201(=|%3d)1) [NC,OR]
	RewriteCond %{QUERY_STRING} (g|%67|%47)(l|%6c|%4c)(o|%6f|%4f)(b|%62|%42)(a|%61|%41)(l|%6c|%4c)(s|%73|%53)(=|[|%[0-9A-Z]{0,2}) [NC,OR]
	RewriteCond %{QUERY_STRING} (_|%5f)(r|%72|%52)(e|%65|%45)(q|%71|%51)(u|%75|%55)(e|%65|%45)(s|%73|%53)(t|%74|%54)(=|[|%[0-9A-Z]{0,2}) [NC,OR]
	RewriteCond %{QUERY_STRING} (j|%6a|%4a)(a|%61|%41)(v|%76|%56)(a|%61|%31)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(:|%3a)(.*)(;|%3b|\)|%29) [NC,OR]
	RewriteCond %{QUERY_STRING} (b|%62|%42)(a|%61|%41)(s|%73|%53)(e|%65|%45)(6|%36)(4|%34)(_|%5f)(e|%65|%45|d|%64|%44)(e|%65|%45|n|%6e|%4e)(c|%63|%43)(o|%6f|%4f)(d|%64|%44)(e|%65|%45)(.*)(\()(.*)(\)) [NC,OR]
	RewriteCond %{QUERY_STRING} (allow_url_(fopen|include)|auto_prepend_file|blexbot|browsersploit|(c99|php)shell|curltest|disable_functions?|document_root|elastix|encodeuricom|exec|exploit|fclose|fgets|fputs|fsbuff|fsockopen|gethostbyname|grablogin|hmei7|input_file|load_file|null|open_basedir|outfile|passthru|popen|proc_open|quickbrute|remoteview|root_path|safe_mode|shell_exec|site((.){0,2})copier|sux0r|trojan|wget|xertive) [NC,OR]
	RewriteCond %{QUERY_STRING} (;|<|>|\'|\"|\)|%0a|%0d|%22|%27|%3c|%3e|%00)(.*)(/\*|alter|base64|benchmark|cast|char|concat|convert|create|encode|declare|delete|drop|insert|md5|order|request|script|select|set|union|update) [NC,OR]
	RewriteCond %{QUERY_STRING} ((\+|%2b)(concat|delete|get|select|union)(\+|%2b)) [NC,OR]
	RewriteCond %{QUERY_STRING} (union)(.*)(select)(.*)(\(|%28) [NC,OR]
	RewriteCond %{QUERY_STRING} (concat)(.*)(\(|%28) [NC]

	RewriteRule .* - [F,L]

	# RewriteRule .* /7g_log.php?log [L,NE,E=7G_QUERY_STRING:%1___%2___%3]

</IfModule>

# 7G:[REQUEST METHOD]
<IfModule mod_rewrite.c>

	RewriteCond %{REQUEST_URI} !(7g_log.php) [NC]

	RewriteCond %{REQUEST_METHOD} ^(connect|debug|delete|move|put|trace|track) [NC]

	RewriteRule .* - [F,L]

	# RewriteRule .* /7g_log.php?log [L,NE,E=7G_REQUEST_METHOD:%1]

</IfModule>

# 7G:[HTTP REFERRER]
<IfModule mod_rewrite.c>

	RewriteCond %{REQUEST_URI} !(7g_log.php) [NC]

	RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC,OR]
	RewriteCond %{HTTP_REFERER} (ambien|blue\spill|cialis|cocaine|ejaculat|erectile|erections|hoodia|huronriveracres|impotence|levitra|libido|lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby|ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo) [NC]

	RewriteRule .* - [F,L]

	# RewriteRule .* /7g_log.php?log [L,NE,E=7G_HTTP_REFERRER:%1]

</IfModule>

# 7G:[REQUEST URI]
<IfModule mod_rewrite.c>

	RewriteCond %{REQUEST_URI} !(7g_log.php) [NC]

	RewriteCond %{REQUEST_URI} ([a-z0-9]{2000,}) [NC,OR]
	RewriteCond %{REQUEST_URI} (=?\\(\'|%27)/?)(\.) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(\*|\"|\'|\.|,|&|&amp;?)/?$ [NC,OR]
	RewriteCond %{REQUEST_URI} (\.)(php)(\()?([0-9]+)(\))?(/)?$ [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(vbulletin|boards|vbforum)(/)? [NC,OR]
	RewriteCond %{REQUEST_URI} (\^|~|`|<|>|,|%|\\|\{|\}|\[|\]|\|) [NC,OR]
	RewriteCond %{REQUEST_URI} (\.(s?ftp-?)config|(s?ftp-?)config\.) [NC,OR]
	RewriteCond %{REQUEST_URI} (\{0\}|\"?0\"?=\"?0|\(/\(|\.\.\.|\+\+\+|\\\") [NC,OR]
	RewriteCond %{REQUEST_URI} (thumbs?(_editor|open)?|tim(thumbs?)?)(\.php) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(fck|ckfinder|fullclick|ckfinder|fckeditor) [NC,OR]
	RewriteCond %{REQUEST_URI} (\.|20)(get|the)(_)(permalink|posts_page_url)(\() [NC,OR]
	RewriteCond %{REQUEST_URI} (///|\?\?|/&&|/\*(.*)\*/|/:/|\\\\|0x00|%00|%0d%0a) [NC,OR]
	RewriteCond %{REQUEST_URI} (/%7e)(root|ftp|bin|nobody|named|guest|logs|sshd)(/) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(etc|var)(/)(hidden|secret|shadow|ninja|passwd|tmp)(/)?$ [NC,OR]
	RewriteCond %{REQUEST_URI} (s)?(ftp|http|inurl|php)(s)?(:(/|%2f|%u2215)(/|%2f|%u2215)) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(=|\$&?|&?(pws|rk)=0|_mm|_vti_|cgi(\.|-)?|(=|/|;|,)nt\.) [NC,OR]
	RewriteCond %{REQUEST_URI} (\.)(conf(ig)?|ds_store|htaccess|htpasswd|init?|mysql-select-db)(/)?$ [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(bin)(/)(cc|chmod|chsh|cpp|echo|id|kill|mail|nasm|perl|ping|ps|python|tclsh)(/)?$ [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(::[0-9999]|%3a%3a[0-9999]|127\.0\.0\.1|localhost|loopback|makefile|pingserver|wwwroot)(/)? [NC,OR]
	RewriteCond %{REQUEST_URI} (\(null\)|\{\$itemURL\}|cAsT\(0x|echo(.*)kae|etc/passwd|eval\(|self/environ|\+union\+all\+select) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(awstats|(c99|php|web)shell|document_root|error_log|listinfo|muieblack|remoteview|site((.){0,2})copier|sqlpatch|sux0r) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)((php|web)?shell|conf(ig)?|crossdomain|fileditor|locus7|nstview|php(get|remoteview|writer)|r57|remview|sshphp|storm7|webadmin)(.*)(\.|\() [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(author-panel|bitrix|class|database|(db|mysql)-?admin|filemanager|htdocs|httpdocs|https?|mailman|mailto|msoffice|mysql|_?php-?my-?admin(.*)|sql|system|tmp|undefined|usage|var|vhosts|webmaster|www)(/) [NC,OR]
	RewriteCond %{REQUEST_URI} (base64_(en|de)code|benchmark|child_terminate|e?chr|eval|exec|function|fwrite|(f|p)open|html|leak|passthru|p?fsockopen|phpinfo|posix_(kill|mkfifo|setpgid|setsid|setuid)|proc_(close|get_status|nice|open|terminate)|(shell_)?exec|system)(.*)(\()(.*)(\)) [NC,OR]
	RewriteCond %{REQUEST_URI} (\.)(7z|ab4|afm|aspx?|bash|ba?k?|bz2|cfg|cfml?|cgi|conf(ig)?|ctl|dat|db|dll|eml|et2|exe|fec|fla|hg|inc|ini|inv|jsp|log|lqd|mbf|mdb|mmw|mny|old|one|out|passwd|pdb|pl|psd|pst|ptdb|pwd|py|qbb|qdf|rar|rdf|sdb|sql|sh|soa|swf|swl|swp|stx|tar|tax|tgz|tls|tmd|wow|zlib)$ [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(^$|00.temp00|0day|3xp|70bex?|admin_events|bkht|(php|web)?shell|configbak|curltest|db|dompdf|filenetworks|hmei7|index\.php/index\.php/index|jahat|kcrew|keywordspy|mobiquo|mysql|nessus|php-?info|racrew|sql|ucp|webconfig|(wp-)?conf(ig)?(uration)?|xertive)(\.php) [NC]

	RewriteRule .* - [F,L]

	# RewriteRule .* /7g_log.php?log [L,NE,E=7G_REQUEST_URI:%1___%2___%3]

</IfModule>

# 7G:[USER AGENT]
<IfModule mod_rewrite.c>

	RewriteCond %{REQUEST_URI} !(7g_log.php) [NC]

	RewriteCond %{HTTP_USER_AGENT} ([a-z0-9]{2000,}) [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} (&lt;|%0a|%0d|%27|%3c|%3e|%00|0x00) [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} ((c99|php|web)shell|remoteview|site((.){0,2})copier) [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} (base64_decode|bin/bash|disconnect|eval|lwp-download|unserialize|\\\x22) [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} (360Spider|acapbot|acoonbot|ahrefs|alexibot|asterias|attackbot|backdorbot|becomebot|binlar|blackwidow|blekkobot|blexbot|blowfish|bullseye|bunnys|butterfly|careerbot|casper|checkpriv|cheesebot|cherrypick|chinaclaw|choppy|clshttp|cmsworld|copernic|copyrightcheck|cosmos|crescent|cy_cho|datacha|demon|diavol|discobot|dittospyder|dotbot|dotnetdotcom|dumbot|emailcollector|emailsiphon|emailwolf|exabot|extract|eyenetie|feedfinder|flaming|flashget|flicky|foobot|g00g1e|getright|gigabot|go-ahead-got|gozilla|grabnet|grafula|harvest|heritrix|httrack|icarus6j|jetbot|jetcar|jikespider|kmccrew|leechftp|libweb|linkextractor|linkscan|linkwalker|loader|miner|majestic|mechanize|mj12bot|morfeus|moveoverbot|netmechanic|netspider|nicerspro|nikto|ninja|nutch|octopus|pagegrabber|planetwork|postrank|proximic|purebot|pycurl|python|queryn|queryseeker|radian6|radiation|realdownload|rogerbot|scooter|seekerspider|semalt|seznambot|siclab|sindice|sistrix|sitebot|siteexplorer|sitesnagger|skygrid|smartdownload|snoopy|sosospider|spankbot|spbot|sqlmap|stackrambler|stripper|sucker|surftbot|sux0r|suzukacz|suzuran|takeout|teleport|telesoft|true_robots|turingos|turnit|vampire|vikspider|voideye|webleacher|webreaper|webstripper|webvac|webviewer|webwhacker|winhttp|wwwoffle|woxbot|xaldon|xxxyy|yamanalab|yioopbot|youda|zeus|zmeu|zune|zyborg) [NC]

	RewriteRule .* - [F,L]

	# RewriteRule .* /7g_log.php?log [L,NE,E=7G_USER_AGENT:%1]

</IfModule>

# ----------------------------------------------------------------------
# | Zeichensatz setzen
# ----------------------------------------------------------------------

AddDefaultCharset UTF-8

# ----------------------------------------------------------------------
#   Wichtige WordPress-Dateien gegen den Zugriff von außen blocken
# ----------------------------------------------------------------------

# Kein Zugriff auf die install.php
<files install.php>
Order allow,deny
Deny from all
</files>

# Kein Zugriff auf die wp-config.php
<files wp-config.php>
Order allow,deny
Deny from all
</files>

# Kein Zugriff auf die readme.html
<files readme.html>
 Order Allow,Deny
 Deny from all
 Satisfy all
</Files>

# Kein Zugriff auf die liesmich.html für die DE Edition
<Files liesmich.html>
 Order Allow,Deny
 Deny from all
 Satisfy all
</Files>

# Kein Zugriff auf das Error-Log
<files error_log>
Order allow,deny
Deny from all
</files>

#Zugriff auf .htaccess und .htpasswd verbieten. Wenn keine .htpasswd benutzt wird, kann der Code dafür entfernt werden.
<FilesMatch "(\.htaccess|\.htpasswd)">
  Order deny,allow
  Deny from all
</FilesMatch>

# Den Zugriff auf den Include-Ordner verbieten
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

# ----------------------------------------------------------------------
# Schutz des Administrator-Bereichs. Wenn der .htaccess/.htpasswd Schutz
# genutzt werden soll, auskommentieren UND PFAD ANPASSEN
# ----------------------------------------------------------------------

#<Files wp-login.php>
#AuthName "Admin-Bereich"
#AuthType Basic
#AuthUserFile dein/pfad/zur/.htpasswd
#require valid-user
#</Files>

#Full Path Disclosure abschalten - unterdrueckt die Anzeige des vollstaendigen Fehlerpfads
php_flag display_errors Off

# ----------------------------------------------------------------------
#   Hotlinking verbieten (verhindert, dass andere Deine Bilder von Deinem Server nutzen
#   WICHTIG: Auskommentieren und deine Domain einfuegen
# ----------------------------------------------------------------------

#<IfModule mod_rewrite.c>
#RewriteEngine on
#RewriteCond %{HTTP_REFERER} !^$
#RewriteCond %{HTTP_REFERER} !^https://(www\.)?drweb\.de(/.*)?$ [NC]
#RewriteRule \.(jpg|jpeg|gif||png)$ - [F]
#</ifModule>

# ----------------------------------------------------------------------
#   Das Sicherheitsrisiko XML-RPC Schnittstelle komplett abschalten
# ----------------------------------------------------------------------

<Files xmlrpc.php>
 Order Deny,Allow
 Deny from all
 </Files>

# ----------------------------------------------------------------------
# | WordPress Rewrite Rules - HIER NICHTS AENDERN, ODER WORDPRESS FUNKTIONIERT NICHT MEHR
# ----------------------------------------------------------------------

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
	# ----------------------------------------------------------------------
	# \| Komprimierung und Caching \|
	# ----------------------------------------------------------------------

	# Serve resources with far-future expires headers.
	#
	# (!) If you don't control versioning with filename-based
	# cache busting, you should consider lowering the cache times
	# to something like one week.
	#
	# https://httpd.apache.org/docs/current/mod/mod_expires.html

	<IfModule mod_expires.c>
	ExpiresActive on
	ExpiresDefault "access plus 1 month"

	# CSS
	ExpiresByType text/css "access plus 1 year"

	# Data interchange
	ExpiresByType application/atom+xml "access plus 1 hour"
	ExpiresByType application/rdf+xml "access plus 1 hour"
	ExpiresByType application/rss+xml "access plus 1 hour"

	ExpiresByType application/json "access plus 0 seconds"
	ExpiresByType application/ld+json "access plus 0 seconds"
	ExpiresByType application/schema+json "access plus 0 seconds"
	ExpiresByType application/vnd.geo+json "access plus 0 seconds"
	ExpiresByType application/xml "access plus 0 seconds"
	ExpiresByType text/xml "access plus 0 seconds"

	# Favicon (cannot be renamed!) and cursor images
	ExpiresByType image/vnd.microsoft.icon "access plus 1 week"
	ExpiresByType image/x-icon "access plus 1 week"

	# HTML - Behält die Website eine Stunde im Cache, neues wird erst nach Ablauf einer Stunde
	# angezeigt. Wenn nicht gewuenscht, bei 3600 eine Null eintragen
	ExpiresByType text/html "access plus 3600 seconds"

	# JavaScript
	ExpiresByType application/javascript "access plus 1 year"
	ExpiresByType application/x-javascript "access plus 1 year"
	ExpiresByType text/javascript "access plus 1 year"

	# Manifest files
	ExpiresByType application/manifest+json "access plus 1 week"
	ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
	ExpiresByType text/cache-manifest "access plus 0 seconds"

	# Media files
	ExpiresByType audio/ogg "access plus 1 month"
	ExpiresByType image/bmp "access plus 1 month"
	ExpiresByType image/gif "access plus 1 month"
	ExpiresByType image/jpeg "access plus 1 month"
	ExpiresByType image/png "access plus 1 month"
	ExpiresByType image/svg+xml "access plus 1 month"
	ExpiresByType image/webp "access plus 1 month"
	ExpiresByType video/mp4 "access plus 1 month"
	ExpiresByType video/ogg "access plus 1 month"
	ExpiresByType video/webm "access plus 1 month"

	# Web fonts

	# Embedded OpenType (EOT)
	ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
	ExpiresByType font/eot "access plus 1 month"

	# OpenType
	ExpiresByType font/opentype "access plus 1 month"

	# TrueType
	ExpiresByType application/x-font-ttf "access plus 1 month"

	# Web Open Font Format (WOFF) 1.0
	ExpiresByType application/font-woff "access plus 1 month"
	ExpiresByType application/x-font-woff "access plus 1 month"
	ExpiresByType font/woff "access plus 1 month"

	# Web Open Font Format (WOFF) 2.0
	ExpiresByType application/font-woff2 "access plus 1 month"

	# Other
	ExpiresByType text/x-cross-domain-policy "access plus 1 week"
	</IfModule>

	<IfModule mod_deflate.c>
	# Insert filters / compress text, html, javascript, css, xml:
	AddOutputFilterByType DEFLATE text/plain
	AddOutputFilterByType DEFLATE text/html
	AddOutputFilterByType DEFLATE text/xml
	AddOutputFilterByType DEFLATE text/css
	AddOutputFilterByType DEFLATE text/vtt
	AddOutputFilterByType DEFLATE text/x-component
	AddOutputFilterByType DEFLATE application/xml
	AddOutputFilterByType DEFLATE application/xhtml+xml
	AddOutputFilterByType DEFLATE application/rss+xml
	AddOutputFilterByType DEFLATE application/js
	AddOutputFilterByType DEFLATE application/javascript
	AddOutputFilterByType DEFLATE application/x-javascript
	AddOutputFilterByType DEFLATE application/x-httpd-php
	AddOutputFilterByType DEFLATE application/x-httpd-fastphp
	AddOutputFilterByType DEFLATE application/atom+xml
	AddOutputFilterByType DEFLATE application/json
	AddOutputFilterByType DEFLATE application/ld+json
	AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
	AddOutputFilterByType DEFLATE application/x-font-ttf
	AddOutputFilterByType DEFLATE application/x-web-app-manifest+json
	AddOutputFilterByType DEFLATE font/opentype
	AddOutputFilterByType DEFLATE image/svg+xml
	AddOutputFilterByType DEFLATE image/x-icon

	# Exception: Images
	SetEnvIfNoCase REQUEST_URI \.(?:gif\|jpg\|jpeg\|png\|svg)$ no-gzip dont-vary

	# Drop problematic browsers
	BrowserMatch ^Mozilla/4 gzip-only-text/html
	BrowserMatch ^Mozilla/4\.0[678] no-gzip
	BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html

	# Make sure proxies don't deliver the wrong content
	Header append Vary User-Agent env=!dont-vary
	</IfModule>

	#Alternative caching using Apache's "mod_headers", if it's installed.
	#Caching of common files - ENABLED
	<IfModule mod_headers.c>
	<FilesMatch "\.(ico\|pdf\|flv\|swf\|js\|css\|gif\|png\|jpg\|jpeg\|txt)$">
	Header set Cache-Control "max-age=2592000, public"
	</FilesMatch>
	</IfModule>

	<IfModule mod_headers.c>
	<FilesMatch "\.(js\|css\|xml\|gz)$">
	Header append Vary Accept-Encoding
	</FilesMatch>
	</IfModule>

	# Set Keep Alive Header
	<IfModule mod_headers.c>
	Header set Connection keep-alive
	</IfModule>

	# If your server don't support ETags deactivate with "None" (and remove header)
	<IfModule mod_expires.c>
	<IfModule mod_headers.c>
	Header unset ETag
	</IfModule>
	FileETag None
	</IfModule>

	# ----------------------------------------------------------------------
	# \| 7g Firewall für Sicherheit - HIER NICHTS AENDERN, ANSONSTEN IST DIE WEBSITE ANGREIFBAR
	# ----------------------------------------------------------------------

	# 7G FIREWALL v1.2 20190727
	# @ https://perishablepress.com/7g-firewall/

	# 7G:[QUERY STRING]
	<IfModule mod_rewrite.c>

	RewriteCond %{REQUEST_URI} !(7g_log.php) [NC]

	RewriteCond %{QUERY_STRING} ([a-z0-9]{2000,}) [NC,OR]
	RewriteCond %{QUERY_STRING} (/\|%2f)(:\|%3a)(/\|%2f) [NC,OR]
	RewriteCond %{QUERY_STRING} (/\|%2f)(\\|%2a)(\\|%2a)(/\|%2f) [NC,OR]
	RewriteCond %{QUERY_STRING} (~\|`\|<\|>\|\^\|\\|\\\|0x00\|%00\|%0d%0a) [NC,OR]
	RewriteCond %{QUERY_STRING} (cmd\|command)(=\|%3d)(chdir\|mkdir)(.*)(x20) [NC,OR]
	RewriteCond %{QUERY_STRING} (fck\|ckfinder\|fullclick\|ckfinder\|fckeditor) [NC,OR]
	RewriteCond %{QUERY_STRING} (/\|%2f)((wp-)?config)((\.\|%2e)inc)?((\.\|%2e)php) [NC,OR]
	RewriteCond %{QUERY_STRING} (thumbs?(_editor\|open)?\|tim(thumbs?)?)((\.\|%2e)php) [NC,OR]
	RewriteCond %{QUERY_STRING} (absolute_\|base\|root_)(dir\|path)(=\|%3d)(ftp\|https?) [NC,OR]
	RewriteCond %{QUERY_STRING} (localhost\|loopback\|127(\.\|%2e)0(\.\|%2e)0(\.\|%2e)1) [NC,OR]
	RewriteCond %{QUERY_STRING} (\.\|20)(get\|the)(_\|%5f)(permalink\|posts_page_url)(\(\|%28) [NC,OR]
	RewriteCond %{QUERY_STRING} (s)?(ftp\|http\|inurl\|php)(s)?(:(/\|%2f\|%u2215)(/\|%2f\|%u2215)) [NC,OR]
	RewriteCond %{QUERY_STRING} (globals\|mosconfig([a-z_]{1,22})\|request)(=\|\[\|%[a-z0-9]{0,2}) [NC,OR]
	RewriteCond %{QUERY_STRING} ((boot\|win)((\.\|%2e)ini)\|etc(/\|%2f)passwd\|self(/\|%2f)environ) [NC,OR]
	RewriteCond %{QUERY_STRING} (((/\|%2f){3,3})\|((\.\|%2e){3,3})\|((\.\|%2e){2,2})(/\|%2f\|%u2215)) [NC,OR]
	RewriteCond %{QUERY_STRING} (benchmark\|char\|exec\|fopen\|function\|html)(.)(\(\|%28)(.)(\)\|%29) [NC,OR]
	RewriteCond %{QUERY_STRING} (php)([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}) [NC,OR]
	RewriteCond %{QUERY_STRING} (e\|%65\|%45)(v\|%76\|%56)(a\|%61\|%31)(l\|%6c\|%4c)(.)(\(\|%28)(.)(\)\|%29) [NC,OR]
	RewriteCond %{QUERY_STRING} (/\|%2f)(=\|%3d\|$&\|_mm\|cgi(\.\|-)\|inurl(:\|%3a)(/\|%2f)\|(mod\|path)(=\|%3d)(\.\|%2e)) [NC,OR]
	RewriteCond %{QUERY_STRING} (<\|%3c)(.)(e\|%65\|%45)(m\|%6d\|%4d)(b\|%62\|%42)(e\|%65\|%45)(d\|%64\|%44)(.)(>\|%3e) [NC,OR]
	RewriteCond %{QUERY_STRING} (<\|%3c)(.)(i\|%69\|%49)(f\|%66\|%46)(r\|%72\|%52)(a\|%61\|%41)(m\|%6d\|%4d)(e\|%65\|%45)(.)(>\|%3e) [NC,OR]
	RewriteCond %{QUERY_STRING} (<\|%3c)(.)(o\|%4f\|%6f)(b\|%62\|%42)(j\|%4a\|%6a)(e\|%65\|%45)(c\|%63\|%43)(t\|%74\|%54)(.)(>\|%3e) [NC,OR]
	RewriteCond %{QUERY_STRING} (<\|%3c)(.)(s\|%73\|%53)(c\|%63\|%43)(r\|%72\|%52)(i\|%69\|%49)(p\|%70\|%50)(t\|%74\|%54)(.)(>\|%3e) [NC,OR]
	RewriteCond %{QUERY_STRING} (\+\|%2b\|%20)(d\|%64\|%44)(e\|%65\|%45)(l\|%6c\|%4c)(e\|%65\|%45)(t\|%74\|%54)(e\|%65\|%45)(\+\|%2b\|%20) [NC,OR]
	RewriteCond %{QUERY_STRING} (\+\|%2b\|%20)(i\|%69\|%49)(n\|%6e\|%4e)(s\|%73\|%53)(e\|%65\|%45)(r\|%72\|%52)(t\|%74\|%54)(\+\|%2b\|%20) [NC,OR]
	RewriteCond %{QUERY_STRING} (\+\|%2b\|%20)(s\|%73\|%53)(e\|%65\|%45)(l\|%6c\|%4c)(e\|%65\|%45)(c\|%63\|%43)(t\|%74\|%54)(\+\|%2b\|%20) [NC,OR]
	RewriteCond %{QUERY_STRING} (\+\|%2b\|%20)(u\|%75\|%55)(p\|%70\|%50)(d\|%64\|%44)(a\|%61\|%41)(t\|%74\|%54)(e\|%65\|%45)(\+\|%2b\|%20) [NC,OR]
	RewriteCond %{QUERY_STRING} (\\x00\|(\"\|%22\|\'\|%27)?0(\"\|%22\|\'\|%27)?(=\|%3d)(\"\|%22\|\'\|%27)?0\|cast(\(\|%28)0x\|or%201(=\|%3d)1) [NC,OR]
	RewriteCond %{QUERY_STRING} (g\|%67\|%47)(l\|%6c\|%4c)(o\|%6f\|%4f)(b\|%62\|%42)(a\|%61\|%41)(l\|%6c\|%4c)(s\|%73\|%53)(=\|[\|%[0-9A-Z]{0,2}) [NC,OR]
	RewriteCond %{QUERY_STRING} (_\|%5f)(r\|%72\|%52)(e\|%65\|%45)(q\|%71\|%51)(u\|%75\|%55)(e\|%65\|%45)(s\|%73\|%53)(t\|%74\|%54)(=\|[\|%[0-9A-Z]{0,2}) [NC,OR]
	RewriteCond %{QUERY_STRING} (j\|%6a\|%4a)(a\|%61\|%41)(v\|%76\|%56)(a\|%61\|%31)(s\|%73\|%53)(c\|%63\|%43)(r\|%72\|%52)(i\|%69\|%49)(p\|%70\|%50)(t\|%74\|%54)(:\|%3a)(.*)(;\|%3b\|\)\|%29) [NC,OR]
	RewriteCond %{QUERY_STRING} (b\|%62\|%42)(a\|%61\|%41)(s\|%73\|%53)(e\|%65\|%45)(6\|%36)(4\|%34)(_\|%5f)(e\|%65\|%45\|d\|%64\|%44)(e\|%65\|%45\|n\|%6e\|%4e)(c\|%63\|%43)(o\|%6f\|%4f)(d\|%64\|%44)(e\|%65\|%45)(.)(\()(.)(\)) [NC,OR]
	RewriteCond %{QUERY_STRING} (allow_url_(fopen\|include)\|auto_prepend_file\|blexbot\|browsersploit\|(c99\|php)shell\|curltest\|disable_functions?\|document_root\|elastix\|encodeuricom\|exec\|exploit\|fclose\|fgets\|fputs\|fsbuff\|fsockopen\|gethostbyname\|grablogin\|hmei7\|input_file\|load_file\|null\|open_basedir\|outfile\|passthru\|popen\|proc_open\|quickbrute\|remoteview\|root_path\|safe_mode\|shell_exec\|site((.){0,2})copier\|sux0r\|trojan\|wget\|xertive) [NC,OR]
	RewriteCond %{QUERY_STRING} (;\|<\|>\|\'\|\"\|\)\|%0a\|%0d\|%22\|%27\|%3c\|%3e\|%00)(.)(/\\|alter\|base64\|benchmark\|cast\|char\|concat\|convert\|create\|encode\|declare\|delete\|drop\|insert\|md5\|order\|request\|script\|select\|set\|union\|update) [NC,OR]
	RewriteCond %{QUERY_STRING} ((\+\|%2b)(concat\|delete\|get\|select\|union)(\+\|%2b)) [NC,OR]
	RewriteCond %{QUERY_STRING} (union)(.)(select)(.)(\(\|%28) [NC,OR]
	RewriteCond %{QUERY_STRING} (concat)(.*)(\(\|%28) [NC]

	RewriteRule .* - [F,L]

	# RewriteRule .* /7g_log.php?log [L,NE,E=7G_QUERY_STRING:%1___%2___%3]

	</IfModule>

	# 7G:[REQUEST METHOD]
	<IfModule mod_rewrite.c>

	RewriteCond %{REQUEST_URI} !(7g_log.php) [NC]

	RewriteCond %{REQUEST_METHOD} ^(connect\|debug\|delete\|move\|put\|trace\|track) [NC]

	RewriteRule .* - [F,L]

	# RewriteRule .* /7g_log.php?log [L,NE,E=7G_REQUEST_METHOD:%1]

	</IfModule>

	# 7G:[HTTP REFERRER]
	<IfModule mod_rewrite.c>

	RewriteCond %{REQUEST_URI} !(7g_log.php) [NC]

	RewriteCond %{HTTP_REFERER} (semalt.com\|todaperfeita) [NC,OR]
	RewriteCond %{HTTP_REFERER} (ambien\|blue\spill\|cialis\|cocaine\|ejaculat\|erectile\|erections\|hoodia\|huronriveracres\|impotence\|levitra\|libido\|lipitor\|phentermin\|pro[sz]ac\|sandyauer\|tramadol\|troyhamby\|ultram\|unicauca\|valium\|viagra\|vicodin\|xanax\|ypxaieo) [NC]

	RewriteRule .* - [F,L]

	# RewriteRule .* /7g_log.php?log [L,NE,E=7G_HTTP_REFERRER:%1]

	</IfModule>

	# 7G:[REQUEST URI]
	<IfModule mod_rewrite.c>

	RewriteCond %{REQUEST_URI} !(7g_log.php) [NC]

	RewriteCond %{REQUEST_URI} ([a-z0-9]{2000,}) [NC,OR]
	RewriteCond %{REQUEST_URI} (=?\\(\'\|%27)/?)(\.) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(\*\|\"\|\'\|\.\|,\|&\|&?)/?$ [NC,OR]
	RewriteCond %{REQUEST_URI} (\.)(php)(\()?([0-9]+)(\))?(/)?$ [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(vbulletin\|boards\|vbforum)(/)? [NC,OR]
	RewriteCond %{REQUEST_URI} (\^\|~\|`\|<\|>\|,\|%\|\\\|\{\|\}\|\[\|\]\|\\|) [NC,OR]
	RewriteCond %{REQUEST_URI} (\.(s?ftp-?)config\|(s?ftp-?)config\.) [NC,OR]
	RewriteCond %{REQUEST_URI} (\{0\}\|\"?0\"?=\"?0\|\(/\(\|\.\.\.\|\+\+\+\|\\\") [NC,OR]
	RewriteCond %{REQUEST_URI} (thumbs?(_editor\|open)?\|tim(thumbs?)?)(\.php) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(fck\|ckfinder\|fullclick\|ckfinder\|fckeditor) [NC,OR]
	RewriteCond %{REQUEST_URI} (\.\|20)(get\|the)(_)(permalink\|posts_page_url)(\() [NC,OR]
	RewriteCond %{REQUEST_URI} (///\|\?\?\|/&&\|/\(.)\*/\|/:/\|\\\\\|0x00\|%00\|%0d%0a) [NC,OR]
	RewriteCond %{REQUEST_URI} (/%7e)(root\|ftp\|bin\|nobody\|named\|guest\|logs\|sshd)(/) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(etc\|var)(/)(hidden\|secret\|shadow\|ninja\|passwd\|tmp)(/)?$ [NC,OR]
	RewriteCond %{REQUEST_URI} (s)?(ftp\|http\|inurl\|php)(s)?(:(/\|%2f\|%u2215)(/\|%2f\|%u2215)) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(=\|\$&?\|&?(pws\|rk)=0\|_mm\|_vti_\|cgi(\.\|-)?\|(=\|/\|;\|,)nt\.) [NC,OR]
	RewriteCond %{REQUEST_URI} (\.)(conf(ig)?\|ds_store\|htaccess\|htpasswd\|init?\|mysql-select-db)(/)?$ [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(bin)(/)(cc\|chmod\|chsh\|cpp\|echo\|id\|kill\|mail\|nasm\|perl\|ping\|ps\|python\|tclsh)(/)?$ [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(::[0-9999]\|%3a%3a[0-9999]\|127\.0\.0\.1\|localhost\|loopback\|makefile\|pingserver\|wwwroot)(/)? [NC,OR]
	RewriteCond %{REQUEST_URI} (\(null\)\|\{\$itemURL\}\|cAsT\(0x\|echo(.*)kae\|etc/passwd\|eval\(\|self/environ\|\+union\+all\+select) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(awstats\|(c99\|php\|web)shell\|document_root\|error_log\|listinfo\|muieblack\|remoteview\|site((.){0,2})copier\|sqlpatch\|sux0r) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)((php\|web)?shell\|conf(ig)?\|crossdomain\|fileditor\|locus7\|nstview\|php(get\|remoteview\|writer)\|r57\|remview\|sshphp\|storm7\|webadmin)(.*)(\.\|\() [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(author-panel\|bitrix\|class\|database\|(db\|mysql)-?admin\|filemanager\|htdocs\|httpdocs\|https?\|mailman\|mailto\|msoffice\|mysql\|_?php-?my-?admin(.*)\|sql\|system\|tmp\|undefined\|usage\|var\|vhosts\|webmaster\|www)(/) [NC,OR]
	RewriteCond %{REQUEST_URI} (base64_(en\|de)code\|benchmark\|child_terminate\|e?chr\|eval\|exec\|function\|fwrite\|(f\|p)open\|html\|leak\|passthru\|p?fsockopen\|phpinfo\|posix_(kill\|mkfifo\|setpgid\|setsid\|setuid)\|proc_(close\|get_status\|nice\|open\|terminate)\|(shell_)?exec\|system)(.)(\()(.)(\)) [NC,OR]
	RewriteCond %{REQUEST_URI} (\.)(7z\|ab4\|afm\|aspx?\|bash\|ba?k?\|bz2\|cfg\|cfml?\|cgi\|conf(ig)?\|ctl\|dat\|db\|dll\|eml\|et2\|exe\|fec\|fla\|hg\|inc\|ini\|inv\|jsp\|log\|lqd\|mbf\|mdb\|mmw\|mny\|old\|one\|out\|passwd\|pdb\|pl\|psd\|pst\|ptdb\|pwd\|py\|qbb\|qdf\|rar\|rdf\|sdb\|sql\|sh\|soa\|swf\|swl\|swp\|stx\|tar\|tax\|tgz\|tls\|tmd\|wow\|zlib)$ [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(^$\|00.temp00\|0day\|3xp\|70bex?\|admin_events\|bkht\|(php\|web)?shell\|configbak\|curltest\|db\|dompdf\|filenetworks\|hmei7\|index\.php/index\.php/index\|jahat\|kcrew\|keywordspy\|mobiquo\|mysql\|nessus\|php-?info\|racrew\|sql\|ucp\|webconfig\|(wp-)?conf(ig)?(uration)?\|xertive)(\.php) [NC]

	RewriteRule .* - [F,L]

	# RewriteRule .* /7g_log.php?log [L,NE,E=7G_REQUEST_URI:%1___%2___%3]

	</IfModule>

	# 7G:[USER AGENT]
	<IfModule mod_rewrite.c>

	RewriteCond %{REQUEST_URI} !(7g_log.php) [NC]

	RewriteCond %{HTTP_USER_AGENT} ([a-z0-9]{2000,}) [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} (<\|%0a\|%0d\|%27\|%3c\|%3e\|%00\|0x00) [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} ((c99\|php\|web)shell\|remoteview\|site((.){0,2})copier) [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} (base64_decode\|bin/bash\|disconnect\|eval\|lwp-download\|unserialize\|\\\x22) [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} (360Spider\|acapbot\|acoonbot\|ahrefs\|alexibot\|asterias\|attackbot\|backdorbot\|becomebot\|binlar\|blackwidow\|blekkobot\|blexbot\|blowfish\|bullseye\|bunnys\|butterfly\|careerbot\|casper\|checkpriv\|cheesebot\|cherrypick\|chinaclaw\|choppy\|clshttp\|cmsworld\|copernic\|copyrightcheck\|cosmos\|crescent\|cy_cho\|datacha\|demon\|diavol\|discobot\|dittospyder\|dotbot\|dotnetdotcom\|dumbot\|emailcollector\|emailsiphon\|emailwolf\|exabot\|extract\|eyenetie\|feedfinder\|flaming\|flashget\|flicky\|foobot\|g00g1e\|getright\|gigabot\|go-ahead-got\|gozilla\|grabnet\|grafula\|harvest\|heritrix\|httrack\|icarus6j\|jetbot\|jetcar\|jikespider\|kmccrew\|leechftp\|libweb\|linkextractor\|linkscan\|linkwalker\|loader\|miner\|majestic\|mechanize\|mj12bot\|morfeus\|moveoverbot\|netmechanic\|netspider\|nicerspro\|nikto\|ninja\|nutch\|octopus\|pagegrabber\|planetwork\|postrank\|proximic\|purebot\|pycurl\|python\|queryn\|queryseeker\|radian6\|radiation\|realdownload\|rogerbot\|scooter\|seekerspider\|semalt\|seznambot\|siclab\|sindice\|sistrix\|sitebot\|siteexplorer\|sitesnagger\|skygrid\|smartdownload\|snoopy\|sosospider\|spankbot\|spbot\|sqlmap\|stackrambler\|stripper\|sucker\|surftbot\|sux0r\|suzukacz\|suzuran\|takeout\|teleport\|telesoft\|true_robots\|turingos\|turnit\|vampire\|vikspider\|voideye\|webleacher\|webreaper\|webstripper\|webvac\|webviewer\|webwhacker\|winhttp\|wwwoffle\|woxbot\|xaldon\|xxxyy\|yamanalab\|yioopbot\|youda\|zeus\|zmeu\|zune\|zyborg) [NC]

	RewriteRule .* - [F,L]

	# RewriteRule .* /7g_log.php?log [L,NE,E=7G_USER_AGENT:%1]

	</IfModule>

	# ----------------------------------------------------------------------
	# \| Zeichensatz setzen
	# ----------------------------------------------------------------------

	AddDefaultCharset UTF-8

	# ----------------------------------------------------------------------
	# Wichtige WordPress-Dateien gegen den Zugriff von außen blocken
	# ----------------------------------------------------------------------

	# Kein Zugriff auf die install.php
	<files install.php>
	Order allow,deny
	Deny from all
	</files>

	# Kein Zugriff auf die wp-config.php
	<files wp-config.php>
	Order allow,deny
	Deny from all
	</files>

	# Kein Zugriff auf die readme.html
	<files readme.html>
	Order Allow,Deny
	Deny from all
	Satisfy all
	</Files>

	# Kein Zugriff auf die liesmich.html für die DE Edition
	<Files liesmich.html>
	Order Allow,Deny
	Deny from all
	Satisfy all
	</Files>

	# Kein Zugriff auf das Error-Log
	<files error_log>
	Order allow,deny
	Deny from all
	</files>

	#Zugriff auf .htaccess und .htpasswd verbieten. Wenn keine .htpasswd benutzt wird, kann der Code dafür entfernt werden.
	<FilesMatch "(\.htaccess\|\.htpasswd)">
	Order deny,allow
	Deny from all
	</FilesMatch>

	# Den Zugriff auf den Include-Ordner verbieten
	<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteBase /
	RewriteRule ^wp-admin/includes/ - [F,L]
	RewriteRule !^wp-includes/ - [S=3]
	RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
	RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
	RewriteRule ^wp-includes/theme-compat/ - [F,L]
	</IfModule>

	# ----------------------------------------------------------------------
	# Schutz des Administrator-Bereichs. Wenn der .htaccess/.htpasswd Schutz
	# genutzt werden soll, auskommentieren UND PFAD ANPASSEN
	# ----------------------------------------------------------------------

	#<Files wp-login.php>
	#AuthName "Admin-Bereich"
	#AuthType Basic
	#AuthUserFile dein/pfad/zur/.htpasswd
	#require valid-user
	#</Files>

	#Full Path Disclosure abschalten - unterdrueckt die Anzeige des vollstaendigen Fehlerpfads
	php_flag display_errors Off

	# ----------------------------------------------------------------------
	# Hotlinking verbieten (verhindert, dass andere Deine Bilder von Deinem Server nutzen
	# WICHTIG: Auskommentieren und deine Domain einfuegen
	# ----------------------------------------------------------------------

	#<IfModule mod_rewrite.c>
	#RewriteEngine on
	#RewriteCond %{HTTP_REFERER} !^$
	#RewriteCond %{HTTP_REFERER} !^https://(www\.)?drweb\.de(/.*)?$ [NC]
	#RewriteRule \.(jpg\|jpeg\|gif\|\|png)$ - [F]
	#</ifModule>

	# ----------------------------------------------------------------------
	# Das Sicherheitsrisiko XML-RPC Schnittstelle komplett abschalten
	# ----------------------------------------------------------------------

	<Files xmlrpc.php>
	Order Deny,Allow
	Deny from all
	</Files>

	# ----------------------------------------------------------------------
	# \| WordPress Rewrite Rules - HIER NICHTS AENDERN, ODER WORDPRESS FUNKTIONIERT NICHT MEHR
	# ----------------------------------------------------------------------

	# BEGIN WordPress
	<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteBase /
	RewriteRule ^index\.php$ - [L]
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteRule . /index.php [L]
	</IfModule>
	# END WordPress