Wordpress .htaccess
# Directory listing: the Options line below is commented out, so
# auto-indexing is NOT actually disabled by this file, whatever the
# intent of the original "close listing" note was.  Uncommenting it
# needs AllowOverride Options (or All) for this directory; without
# that override Apache answers 500 for every request.
#Options +FollowSymLinks -Indexes
# Enable mod_rewrite for the RewriteCond/RewriteRule directives that
# follow.  NOTE(review): nothing above the <IfModule mod_deflate.c>
# block is wrapped in <IfModule mod_rewrite.c>; if mod_rewrite is not
# loaded these directives are unknown and the whole site returns 500.
RewriteEngine On
# Reject requests whose query string matches a few classic injection
# shapes: base64_encode(...), a <script> tag, or an attempt to set a
# PHP GLOBALS / _REQUEST entry through the URL.
# NOTE(review): these are fixed signatures on the raw query string and
# are easily evaded; treat them as noise reduction, not as a security
# control, and keep application-level validation and updates in place.
# base64_encode( ... ) - no [NC], so this match is case-sensitive.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# <script ... > with literal or %3C / %3E encoded angle brackets ([NC]).
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# GLOBALS= / GLOBALS[ / GLOBALS%xx - case-sensitive (no [NC]).
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# _REQUEST= / _REQUEST[ / _REQUEST%xx - last member of the [OR] chain,
# so it deliberately carries no [OR] flag.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# [F] answers 403 Forbidden straight away; for an [F] rule the
# "index.php" substitution is ignored, so the homepage is NOT served.
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.
#### @RS
# Return 404 for direct requests to existing .php/.ini/.xml files under
# a set of directory names.  All of the following must hold:
#   - the target is an existing file (-f),
#   - the URI contains .php, .ini or .xml anywhere (unanchored, [NC]),
#   - the URI matches one of the directory names in the [OR] chain.
# NOTE(review): this looks like it was lifted from Joomla's htaccess
# (administrator/includes, components, templates ... do not exist in a
# WordPress tree, so those conditions never fire here).  "\/plugins\/"
# does match /wp-content/plugins/..., which denies direct requests to
# existing plugin PHP files - useful hardening, but it breaks any plugin
# that expects its .php files to be requested directly.  "\/xmlrpc\/"
# only matches a directory; WordPress's /xmlrpc.php is not covered.
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_URI} \.php|\.ini|\.xml [NC]
RewriteCond %{REQUEST_URI} \/components\/ [OR]
RewriteCond %{REQUEST_URI} ^\/includes\/|^\/administrator\/includes\/ [OR]
RewriteCond %{REQUEST_URI} \/language\/ [OR]
RewriteCond %{REQUEST_URI} \/libraries\/ [OR]
RewriteCond %{REQUEST_URI} \/modules\/ [OR]
RewriteCond %{REQUEST_URI} \/plugins\/ [OR]
RewriteCond %{REQUEST_URI} \/templates\/ [OR]
RewriteCond %{REQUEST_URI} \/xmlrpc\/
# R=404 is outside the 3xx range, so mod_rewrite sends a 404 response
# directly and stops; the index.php substitution is not used.
RewriteRule ^(.*)$ index.php [R=404,L]
#### @RS
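#### @RS
# Reject a few textbook SQL-injection shapes in the query string:
# concat(, union ... select ... (, union ... all ... select ([NC] on all).
# NOTE(review): signature matching on the query string is easily evaded
# and only sees GET parameters, never a POST body; it is a noise filter,
# not a substitute for parameterised queries in the application.
# The variable is spelled %{QUERY_STRING}, the name Apache documents and
# the one the exploit-blocking rules above already use.  The snippet
# originally used lowercase %{query_string}; that is not the documented
# name and, where it is not recognised, expands to an empty string,
# which would leave all three conditions inert.
RewriteCond %{QUERY_STRING} concat.*\( [NC,OR]
RewriteCond %{QUERY_STRING} union.*select.*\( [NC,OR]
RewriteCond %{QUERY_STRING} union.*all.*select [NC]
# [F] returns 403 Forbidden; [L] ends rule processing for this request.
RewriteRule ^(.*)$ index.php [F,L]
#### @RS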
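#### @RS
# Refuse a few well-known automated clients by User-Agent.
# NOTE(review): the User-Agent header is chosen by the client, so this
# is a nuisance filter rather than an access control; it also blocks
# legitimate Wget / libwww-perl users such as monitoring scripts.
SetEnvIf user-agent "Indy Library" stayout=1
SetEnvIf user-agent "libwww-perl" stayout=1
SetEnvIf user-agent "Wget" stayout=1
# Apache 2.4 (mod_authz_core) form; the 2.2 "deny from env=" form is
# only used where mod_authz_core is absent.  On 2.4 without
# mod_access_compat the bare "deny" directive is unknown and makes every
# request fail with 500.  Both forms need the matching AllowOverride
# (AuthConfig for Require, Limit for Deny).
# NOTE(review): a Require block in .htaccess replaces any authorization
# rules inherited from the server config for this directory (AuthMerging
# is Off by default) - confirm nothing stricter is set at vhost level.
<IfModule mod_authz_core.c>
<RequireAll>
Require all granted
Require not env stayout
</RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
deny from env=stayout
</IfModule>
#### @RS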
## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects
##
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
# NOTE(review): the commented-out "RewriteBase" line this text refers to
# is not present in this file; the WordPress block further down sets
# "RewriteBase /" for its own rules.
##
#
# Copy the Authorization request header into the HTTP_AUTHORIZATION
# environment variable for every request (no [L], processing continues).
# Presumably for PHP running under CGI/FastCGI, where the header is
# otherwise not visible to the script - confirm this deployment needs it,
# since it also hands any HTTP basic-auth credentials to the application
# environment.
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# Front-controller rewrite (Joomla-style).  Send the request to
# index.php when:
# - the URI is not already /index.php,
RewriteCond %{REQUEST_URI} !^/index\.php
# - and it is under /component/, or has no dot after the last slash
#   (site root / extensionless URL), or ends in a listed extension,
RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
# - and no such file exists,
RewriteCond %{REQUEST_FILENAME} !-f
# - and no such directory exists.
RewriteCond %{REQUEST_FILENAME} !-d
# [L] ends this rewrite pass, so matching requests never reach the
# WordPress block below.  Both target index.php, so the outcome is the
# same, but this block duplicates the WordPress front controller.
RewriteRule .* index.php [L]
#
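<IfModule mod_deflate.c>
# Compress text-like responses on the fly.
# NOTE(review): application/x-httpd-php covers dynamic HTML.  Compressing
# a response that carries both a per-session secret (nonce, CSRF token)
# and attacker-influenced reflected input is the precondition for the
# BREACH compression side channel over TLS; if that applies to any page,
# exclude it from DEFLATE or make sure the secret is masked per response.
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/x-httpd-php
AddOutputFilterByType DEFLATE application/x-httpd-fastphp
AddOutputFilterByType DEFLATE image/svg+xml
# Work around broken gzip handling in Netscape 4.x (legacy; harmless
# today).  "\bMSI[E]" is just a roundabout way of matching "MSIE".
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
# Tell caches the representation varies by User-Agent (because of the
# BrowserMatch exceptions above).  "Header" belongs to mod_headers, not
# mod_deflate: without this inner guard the directive is unknown when
# mod_headers is not loaded and every request fails with 500.
<IfModule mod_headers.c>
Header append Vary User-Agent env=!dont-vary
</IfModule>
</IfModule>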
<IfModule mod_gzip.c>
# mod_gzip is a third-party module that predates mod_deflate; this block
# is skipped entirely unless that module is loaded, which is unusual on
# a current Apache.  It is kept for servers that still ship it.
mod_gzip_on Yes
# Un-chunk responses before compressing them.
mod_gzip_dechunk Yes
# Compress by file extension, by handler (CGI output) and by MIME type...
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
# ...but never images, and never a response that is already gzip-encoded.
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</IfModule>
<IfModule mod_expires.c>
# Enable expiration control
ExpiresActive On
# Default expiration: 1 hour after request.
# NOTE(review): this default applies to every content type not listed
# below, including text/html and dynamic PHP output that does not set
# its own Expires header (mod_expires leaves responses that already
# carry one alone).  Confirm that any personalised front-end page emits
# its own caching headers rather than inheriting a one-hour public
# lifetime from here.
ExpiresDefault "access plus 1 hour"
# CSS and JS expiration: 1 week after request
ExpiresByType text/css "access plus 1 week"
ExpiresByType application/javascript "access plus 1 week"
ExpiresByType application/x-javascript "access plus 1 week"
# Image files expiration: 1 month after request
ExpiresByType image/bmp "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/jp2 "access plus 1 month"
ExpiresByType image/pipeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/svg+xml "access plus 1 month"
ExpiresByType image/tiff "access plus 1 month"
ExpiresByType image/vnd.microsoft.icon "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType image/ico "access plus 1 month"
ExpiresByType image/icon "access plus 1 month"
ExpiresByType text/ico "access plus 1 month"
ExpiresByType application/ico "access plus 1 month"
ExpiresByType image/vnd.wap.wbmp "access plus 1 month"
ExpiresByType application/vnd.wap.wbxml "access plus 1 month"
ExpiresByType application/smil "access plus 1 month"
# Audio files expiration: 1 month after request
ExpiresByType audio/basic "access plus 1 month"
ExpiresByType audio/mid "access plus 1 month"
ExpiresByType audio/midi "access plus 1 month"
ExpiresByType audio/mpeg "access plus 1 month"
ExpiresByType audio/x-aiff "access plus 1 month"
ExpiresByType audio/x-mpegurl "access plus 1 month"
ExpiresByType audio/x-pn-realaudio "access plus 1 month"
ExpiresByType audio/x-wav "access plus 1 month"
# Movie files expiration: 1 month after request
# (several of these types - Flash, VRML, ASF - are legacy formats; the
# entries are harmless if nothing serves them.)
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType x-world/x-vrml "access plus 1 month"
ExpiresByType video/x-msvideo "access plus 1 month"
ExpiresByType video/mpeg "access plus 1 month"
ExpiresByType video/mp4 "access plus 1 month"
ExpiresByType video/quicktime "access plus 1 month"
ExpiresByType video/x-la-asf "access plus 1 month"
ExpiresByType video/x-ms-asf "access plus 1 month"
</IfModule>
########## End - Optimal expiration time
<IfModule mod_headers.c>
# Tell caches that the compressed and uncompressed variants of these
# static types differ by Accept-Encoding, so a proxy does not hand a
# gzip body to a client that did not ask for one.
<FilesMatch "\.(js|css|xml|gz|html)$">
# The trailing colon after the header name appears to be tolerated by
# mod_headers (this snippet is widely deployed), but the documented form
# is "Header append Vary Accept-Encoding".
Header append Vary: Accept-Encoding
</FilesMatch>
</IfModule>
# BEGIN WordPress
# Standard WordPress front controller: anything that is not an existing
# file or directory is handled by /index.php.  This block is only reached
# for requests the earlier, Joomla-style "RewriteRule .* index.php [L]"
# did not already claim; both send the request to index.php.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Requests for index.php itself are left alone ([L] ends the pass).
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
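<Files wp-config.php>
# wp-config.php holds the site's secrets (database credentials and the
# like); never serve it, even if PHP handling is ever lost and it would
# otherwise go out as plain text.
# Apache 2.4 (mod_authz_core) form first; the 2.2 order/deny form only
# applies where mod_authz_core is absent.  On 2.4 without
# mod_access_compat the bare "order"/"deny" directives are unknown and
# make every request fail with 500.
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order allow,deny
deny from all
</IfModule>
</Files>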
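<Files .htaccess>
# Never serve this file: it reveals the rewrite and blocking rules above.
# Apache's stock configuration usually already denies ".ht*" via a
# FilesMatch, so this is belt-and-braces for servers where it does not.
# Apache 2.4 (mod_authz_core) form first; the 2.2 order/deny form only
# applies where mod_authz_core is absent.  On 2.4 without
# mod_access_compat the bare "order"/"deny" directives are unknown and
# make every request fail with 500.
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
order allow,deny
deny from all
</IfModule>
</Files>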
# Declare charset=utf-8 on text/plain and text/html responses that do not
# specify one, so browsers do not have to guess the encoding.
AddDefaultCharset utf-8