Created
July 9, 2013 20:08
Gives an instance of WordPress more security
# Make sure these directives are either above the "BEGIN WordPress"
# line or below the "END WordPress" line. Also, make sure you test
# your site if you use any of the suggestions below. These rules
# are very specific to running WordPress, so if you also serve some other
# static or PHP files under the directory where these rules will live
# you may find they won't work. TEST TEST TEST.
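# Disable directory browsing (auto-generated listings for directories that
# have no index file), so visitors cannot enumerate uploads, plugins or backups.
# Only the Indexes option is switched off: mixing a bare keyword such as "All"
# with a +/- prefixed option is invalid Options syntax (Apache 2.4 refuses it),
# and "All" would also have turned on ExecCGI and Includes for this tree.
# Requires AllowOverride Options (or All) for this directory.
Options -Indexes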
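# Prevent direct access to wp-config.php, which holds the database credentials
# and the authentication keys/salts.
# Apache 2.4 expresses this with mod_authz_core ("Require"); the Order/Deny
# form is the 2.2 syntax and on 2.4 only works while mod_access_compat is
# loaded. Each server version picks the branch it understands.
# In .htaccess, Require needs AllowOverride AuthConfig and Order/Deny need
# AllowOverride Limit.
<Files "wp-config.php">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>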
# Answer 403 for every request whose path ends in ".php" anywhere below a
# wp-content/ directory (plugins, themes, uploads), so a PHP file that ends up
# in uploads/ cannot be executed by requesting its URL.
# NOTE(review): the pattern is case-sensitive and covers only the ".php"
# suffix; whether the server maps other extensions (e.g. .phtml, .php5) to PHP
# is not visible from this file, so confirm against the handler configuration.
# Plugins or themes that expose their own PHP endpoints under wp-content/ will
# stop working with this rule.
RedirectMatch 403 "^.*/wp-content/.*\.php$"
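# Block direct requests to WordPress include-only files; they are meant to be
# loaded by core, never fetched by URL.
# RewriteEngine On is set here so these rules do not depend on the
# "BEGIN WordPress" block (which may be absent); while the engine is off,
# every RewriteRule below is ignored. Repeating the directive is harmless.
RewriteEngine On
# NOTE(review): "/" assumes WordPress lives at the site root; adjust for a
# sub-directory install.
RewriteBase /
# Everything under wp-admin/includes/ is forbidden.
RewriteRule ^wp-admin/includes/ - [F,L]
# Requests outside wp-includes/ skip the next three rules. Keep exactly three
# rules after this line, in this order, or update the [S=3] skip count.
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]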
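# Refuse comment submissions that carry no User-Agent or whose Referer does not
# mention this site. Replace yourhost\.com with your own domain and keep the
# backslash before each dot so it matches a literal ".".
# Both headers are supplied by the client, so this only filters crude spam
# scripts; it is not an access control. The Referer test is a substring match,
# and visitors whose browser or proxy strips the Referer header will be unable
# to comment.
# Condition logic: POST AND comments endpoint AND (foreign Referer OR empty UA).
# RewriteEngine On is repeated so the block works without the WordPress block.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} /wp-comments-post\.php
RewriteCond %{HTTP_REFERER} !yourhost\.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
# Answer 403 instead of redirecting. The previous substitution started with a
# literal "^" and ended with "$" (regex anchors have no meaning in a
# substitution), so it was not an absolute URL and produced a redirect to a
# bogus path on this site. REMOTE_ADDR is also the proxy's address, not the
# client's, when the site sits behind a reverse proxy or CDN.
RewriteRule .* - [F,L]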
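# Deny access to all dot (hidden) files, e.g. .htaccess and .htpasswd.
# Only the base name of the requested file is tested, so files inside a
# dot-directory (e.g. .git/config) are NOT covered by this section and need
# their own rule.
# Apache 2.4 uses mod_authz_core ("Require"); Order/Deny/Satisfy is the 2.2
# syntax and on 2.4 only works while mod_access_compat is loaded.
<FilesMatch "^\.">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
        Satisfy all
    </IfModule>
</FilesMatch>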