WordPress Security Harden Apache .htaccess
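# Prevents directory listing
Options -Indexes

# NOTE(review): Order / Allow / Deny / Satisfy are the Apache 2.2 access-control
# directives. On Apache 2.4 they only work with mod_access_compat loaded; the
# native 2.4 form of "Deny from all" is "Require all denied". Do not mix both
# styles in the same file.

# Deny backup extensions & log files
# Editor backup/swap files (e.g. "#name#", "name~", "*.save", "*.swp", "*.swo")
# can expose source that is otherwise executed rather than served.
<Files ~ "(^#.*#|~|\.save|\.sw[op])$">
Order allow,deny
Deny from all
</Files>

# Protect .htaccess From Unauthorized Access
# This pattern only matches ".hta*" (e.g. .htaccess); ".htpasswd" is covered by
# the FilesMatch block further down.
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>

# Deny access to readme.html
# readme.html and license.txt disclose the WordPress version; hiding them does
# not replace keeping core up to date.
<files readme.html>
Order allow,deny
Deny from all
</files>

# Deny access to license.txt
<files license.txt>
Order allow,deny
Deny from all
</files>

# Blocks some XSS attacks
# Requests whose query string matches one of the conditions get a 403 ([F]).
# NOTE(review): in the first condition "\|" is an escaped literal pipe, so the
# group matches only the exact sequence "|%3E", not "|" or an encoded ">" —
# confirm the intended pattern. The other two conditions block attempts to
# set PHP's GLOBALS / _REQUEST arrays via the query string.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{QUERY_STRING} (\|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule .* index.php [F,L]
</IfModule>

# Blocks all wp-includes folders and files
# Direct requests to PHP files under wp-includes are refused; WordPress only
# needs them via include, not via the browser.
# The [S=3] rule skips the next THREE rules for any path not under
# wp-includes/ — keep that count in sync if rules are added or removed below.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

# Secure Important Files
# Refuses error_log, wp-config.php, php.ini and any .ht*/.hp* dot-file
# (.htaccess, .htpasswd). The dot in "php\.ini" is escaped so the rule
# matches only that file name.
<FilesMatch "^.*(error_log|wp-config\.php|php\.ini|\.[hH][tT][aApP].*)$">
Order allow,deny
Deny from all
</FilesMatch>

# Deny access to wp-config.php file
# Redundant with the FilesMatch block above; kept as an explicit, easy-to-audit
# guard for the file holding the database credentials and salts.
<files wp-config.php>
order allow,deny
deny from all
</files>

# Setup browser caching
# Performance only — this is not a security control. Long cache lifetimes mean
# a compromised static asset may stay in visitors' caches for up to a year
# unless its URL changes.
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 2 days"
</IfModule>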