
Wordpress .htaccess Security

Jul 25th, 2023
  1. # BEGIN iThemes Security - Do not modify or remove this line
  2. # iThemes Security Config Details: 2
      # Review summary: the four <files> sections below deny all HTTP access to
      # .htaccess, readme.html, readme.txt and wp-config.php. Each one carries two
      # branches: `Require all denied` when mod_authz_core is present (Apache 2.4
      # syntax) and `Order allow,deny` / `Deny from all` otherwise (2.2-style syntax).
      # NOTE(review): the BEGIN/END markers suggest the plugin regenerates this
      # section; keep local additions outside the markers — confirm with the plugin.
  3. # Protect System Files - Security > Settings > System Tweaks > System Files
      # .htaccess: keeps the access-control and rewrite rules themselves unreadable.
  4. <files .htaccess>
  5. <IfModule mod_authz_core.c>
  6. Require all denied
  7. </IfModule>
  8. <IfModule !mod_authz_core.c>
  9. Order allow,deny
  10. Deny from all
  11. </IfModule>
  12. </files>
      # readme.html / readme.txt: default documentation files that identify the
      # software in use; denied so they cannot be fetched.
  13. <files readme.html>
  14. <IfModule mod_authz_core.c>
  15. Require all denied
  16. </IfModule>
  17. <IfModule !mod_authz_core.c>
  18. Order allow,deny
  19. Deny from all
  20. </IfModule>
  21. </files>
  22. <files readme.txt>
  23. <IfModule mod_authz_core.c>
  24. Require all denied
  25. </IfModule>
  26. <IfModule !mod_authz_core.c>
  27. Order allow,deny
  28. Deny from all
  29. </IfModule>
  30. </files>
      # wp-config.php: the WordPress configuration file (database credentials and
      # secret keys); it is only ever included by PHP, so no HTTP request needs it.
  31. <files wp-config.php>
  32. <IfModule mod_authz_core.c>
  33. Require all denied
  34. </IfModule>
  35. <IfModule !mod_authz_core.c>
  36. Order allow,deny
  37. Deny from all
  38. </IfModule>
  39. </files>
  41. # Disable Directory Browsing - Security > Settings > System Tweaks > Directory Browsing
      # Turns off automatic directory listings for directories without an index file.
  42. Options -Indexes
      # Every rule in this section is wrapped in <IfModule mod_rewrite.c>: if the
      # module is not loaded the whole section is skipped without an error, and none
      # of the blocks below apply. Verify mod_rewrite is enabled on the host.
      # [F] answers 403 Forbidden; "-" means the URL itself is not rewritten.
  44. <IfModule mod_rewrite.c>
  45. RewriteEngine On
  47. # Protect System Files - Security > Settings > System Tweaks > System Files
      # Deny the installer script and direct requests into wp-admin/includes/.
  48. RewriteRule ^wp-admin/install\.php$ - [F]
  49. RewriteRule ^wp-admin/includes/ - [F]
      # [S=3]: when the path is NOT under wp-includes/, skip the next three rules.
      # The skip count must stay in step with the number of wp-includes rules below.
  50. RewriteRule !^wp-includes/ - [S=3]
  51. RewriteRule ^wp-includes/[^/]+\.php$ - [F]
  52. RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
  53. RewriteRule ^wp-includes/theme-compat/ - [F]
      # The RewriteCond applies only to the single rule that follows it: deny
      # requests for existing files inside any .git or .svn directory.
  54. RewriteCond %{REQUEST_FILENAME} -f
  55. RewriteRule (^|.*/)\.(git|svn)/.* - [F]
  57. # Disable PHP in Uploads - Security > Settings > System Tweaks > PHP in Uploads
      # The pattern matches a final extension of .php, .php1-.php7, .pht, .phtm,
      # .phtml or .phps (optional trailing dot), case-insensitively ([NC]).
      # NOTE(review): the cPanel handler at the end of this file also maps .php8 to
      # the PHP interpreter, and `php[1-7]?` does not match .php8. The deny pattern
      # and the handler's extension list should agree; the same gap applies to the
      # plugins and themes rules below.
  58. RewriteRule ^wp\-content/uploads/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]
  60. # Disable PHP in Plugins - Security > Settings > System Tweaks > PHP in Plugins
  61. RewriteRule ^wp\-content/plugins/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]
  63. # Disable PHP in Themes - Security > Settings > System Tweaks > PHP in Themes
  64. RewriteRule ^wp\-content/themes/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]
  65. </IfModule>
  66. # END iThemes Security - Do not modify or remove this line
  68. # BEGIN WpFastestCache
  69. # Modified Time: 05-03-23 4:03:53
      # Review summary: serves a pre-built static HTML copy of a page from
      # wp-content/cache/all/ when every condition below holds. The conditions are
      # ANDed unless marked [or]; they all belong to the single RewriteRule at the end.
  70. <IfModule mod_rewrite.c>
  71. RewriteEngine On
  72. RewriteBase /
      # Only HTTPS requests are eligible for the cached copy.
  73. RewriteCond %{HTTPS} =on
      # NOTE(review): the pattern `^` matches every Host value, so this condition
      # (repeated a few lines down) filters nothing. It looks as if the host name
      # was stripped or never filled in — confirm against the live file.
  74. RewriteCond %{HTTP_HOST} ^
  75. # Start WPFC Exclude
  76. # End WPFC Exclude
  77. # Start_WPFC_Exclude_Admin_Cookie
      # Excludes requests carrying one specific logged-in cookie from the cache.
      # NOTE(review): the value after `=` appears to be an account login name;
      # replace it with a placeholder before sharing this file.
  78. RewriteCond %{HTTP:Cookie} !wordpress_logged_in_[^\=]+\=adminngo
  79. # End_WPFC_Exclude_Admin_Cookie
  80. RewriteCond %{HTTP_HOST} ^
      # Social-media link previewers and the plugin's own preload/validator agents
      # are excluded by User-Agent.
  81. RewriteCond %{HTTP_USER_AGENT} !(facebookexternalhit|WP_FASTEST_CACHE_CSS_VALIDATOR|Twitterbot|LinkedInBot|WhatsApp|Mediatoolkitbot)
  82. RewriteCond %{HTTP_USER_AGENT} !(WP\sFastest\sCache\sPreload(\siPhone\sMobile)?\s*Bot)
      # Only non-POST requests whose path ends in exactly one slash and that carry
      # no query string are eligible.
  83. RewriteCond %{REQUEST_METHOD} !POST
  84. RewriteCond %{REQUEST_URI} !(\/){2}$
  85. RewriteCond %{REQUEST_URI} \/$
  86. RewriteCond %{QUERY_STRING} !.+
      # Any request with a logged-in or comment-author cookie bypasses the static
      # copy, so those visitors are handled by WordPress instead of the shared cache.
  87. RewriteCond %{HTTP:Cookie} !wordpress_logged_in
  88. RewriteCond %{HTTP:Cookie} !comment_author_
  89. RewriteCond %{HTTP:Cookie} !safirmobilswitcher=mobil
  90. RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
      # Long alternation of mobile browser / device User-Agent fragments; matching
      # agents are excluded from this cache.
  91. RewriteCond %{HTTP_USER_AGENT} !^.*\bCrMo\b|CriOS|Android.*Chrome\/[.0-9]*\s(Mobile)?|\bDolfin\b|Opera.*Mini|Opera.*Mobi|Android.*Opera|Mobile.*OPR\/[0-9.]+|Coast\/[0-9.]+|Skyfire|Mobile\sSafari\/[.0-9]*\sEdge|IEMobile|MSIEMobile|fennec|firefox.*maemo|(Mobile|Tablet).*Firefox|Firefox.*Mobile|FxiOS|bolt|teashark|Blazer|Version.*Mobile.*Safari|Safari.*Mobile|MobileSafari|Tizen|UC.*Browser|UCWEB|baiduboxapp|baidubrowser|DiigoBrowser|Puffin|\bMercury\b|Obigo|NF-Browser|NokiaBrowser|OviBrowser|OneBrowser|TwonkyBeamBrowser|SEMC.*Browser|FlyFlow|Minimo|NetFront|Novarra-Vision|MQQBrowser|MicroMessenger|Android.*PaleMoon|Mobile.*PaleMoon|Android|blackberry|\bBB10\b|rim\stablet\sos|PalmOS|avantgo|blazer|elaine|hiptop|palm|plucker|xiino|Symbian|SymbOS|Series60|Series40|SYB-[0-9]+|\bS60\b|Windows\sCE.*(PPC|Smartphone|Mobile|[0-9]{3}x[0-9]{3})|Window\sMobile|Windows\sPhone\s[0-9.]+|WCE;|Windows\sPhone\s10.0|Windows\sPhone\s8.1|Windows\sPhone\s8.0|Windows\sPhone\sOS|XBLWP7|ZuneWP7|Windows\sNT\s6\.[23]\;\sARM\;|\biPhone.*Mobile|\biPod|\biPad|Apple-iPhone7C2|MeeGo|Maemo|J2ME\/|\bMIDP\b|\bCLDC\b|webOS|hpwOS|\bBada\b|BREW.*$ [NC]
      # The cached file must exist, looked up under DOCUMENT_ROOT or ([or]) under a
      # hard-coded absolute path; $1 is the path captured by the RewriteRule below.
      # NOTE(review): the absolute path discloses the hosting account's directory
      # layout; replace it with a placeholder before sharing this file.
  92. RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/all/$1/index.html -f [or]
  93. RewriteCond /home1/astmskmy/public_html/ngopartners/wp-content/cache/all/$1/index.html -f
      # Rewrite to the static copy and stop processing further rules ([L]).
  94. RewriteRule ^(.*) "/wp-content/cache/all/$1/index.html" [L]
  95. </IfModule>
      # For files named index.html / index.htm (which includes the static cache
      # copies): declare UTF-8 and, when mod_headers is available, drop ETags and
      # send headers telling clients and proxies not to store the response. The
      # Expires value is a date in the past.
  96. <FilesMatch "index\.(html|htm)$">
  97. AddDefaultCharset UTF-8
  98. <ifModule mod_headers.c>
  99. FileETag None
  100. Header unset ETag
  101. Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
  102. Header set Pragma "no-cache"
  103. Header set Expires "Mon, 29 Oct 1923 20:30:00 GMT"
  104. </ifModule>
  105. </FilesMatch>
  106. # END WpFastestCache
  107. # BEGIN GzipWpFastestCache
      # When mod_deflate is loaded: register MIME types for .woff/.ttf and compress
      # responses of the listed text, script, XML, SVG and font content types.
  108. <IfModule mod_deflate.c>
  109. AddType x-font/woff .woff
  110. AddType x-font/ttf .ttf
  111. AddOutputFilterByType DEFLATE image/svg+xml
  112. AddOutputFilterByType DEFLATE text/plain
  113. AddOutputFilterByType DEFLATE text/html
  114. AddOutputFilterByType DEFLATE text/xml
  115. AddOutputFilterByType DEFLATE text/css
  116. AddOutputFilterByType DEFLATE text/javascript
  117. AddOutputFilterByType DEFLATE application/xml
  118. AddOutputFilterByType DEFLATE application/xhtml+xml
  119. AddOutputFilterByType DEFLATE application/rss+xml
  120. AddOutputFilterByType DEFLATE application/javascript
  121. AddOutputFilterByType DEFLATE application/x-javascript
  122. AddOutputFilterByType DEFLATE application/x-font-ttf
  123. AddOutputFilterByType DEFLATE x-font/ttf
      # NOTE(review): `application/` has no subtype; the MIME type on the next line
      # looks truncated (possibly by the paste) — confirm against the live file.
  124. AddOutputFilterByType DEFLATE application/
  125. AddOutputFilterByType DEFLATE font/opentype font/ttf font/eot font/otf
  126. </IfModule>
  127. # END GzipWpFastestCache
  128. # BEGIN LBCWpFastestCache
      # Browser-cache lifetimes for static assets (media, images, scripts, styles,
      # fonts), optionally with a .gz suffix.
  129. <FilesMatch "\.(webm|ogg|mp4|ico|pdf|flv|avif|jpg|jpeg|png|gif|webp|js|css|swf|x-html|css|xml|js|woff|woff2|otf|ttf|svg|eot)(\.gz)?$">
  130. <IfModule mod_expires.c>
  131. AddType application/font-woff2 .woff2
  132. AddType application/x-font-opentype .otf
  133. ExpiresActive On
      # mod_expires syntax: "A<seconds>" = that many seconds after the access time.
      # A0 expires immediately; A10368000 is 10,368,000 s = 120 days.
  134. ExpiresDefault A0
  135. ExpiresByType video/webm A10368000
  136. ExpiresByType video/ogg A10368000
  137. ExpiresByType video/mp4 A10368000
  138. ExpiresByType image/avif A10368000
  139. ExpiresByType image/webp A10368000
  140. ExpiresByType image/gif A10368000
  141. ExpiresByType image/png A10368000
  142. ExpiresByType image/jpg A10368000
  143. ExpiresByType image/jpeg A10368000
  144. ExpiresByType image/ico A10368000
  145. ExpiresByType image/svg+xml A10368000
  146. ExpiresByType text/css A10368000
  147. ExpiresByType text/javascript A10368000
  148. ExpiresByType application/javascript A10368000
  149. ExpiresByType application/x-javascript A10368000
  150. ExpiresByType application/font-woff2 A10368000
  151. ExpiresByType application/x-font-opentype A10368000
  152. ExpiresByType application/x-font-truetype A10368000
  153. </IfModule>
  154. <IfModule mod_headers.c>
      # NOTE(review): the Expires header is defined as an HTTP date, but the value
      # set here is a Cache-Control style directive that also keeps the mod_expires
      # "A" prefix. It was presumably meant to be
      # `Header set Cache-Control "max-age=10368000, public"` — confirm with the
      # plugin's current output before relying on these cache lifetimes.
  155. Header set Expires "max-age=A10368000, public"
  156. Header unset ETag
  157. Header set Connection keep-alive
  158. FileETag None
  159. </IfModule>
  160. </FilesMatch>
  161. # END LBCWpFastestCache
  163. # BEGIN WordPress
  164. # The directives (lines) between "BEGIN WordPress" and "END WordPress" are
  165. # dynamically generated, and should only be modified via WordPress filters.
  166. # Any changes to the directives between these markers will be overwritten.
  167. <IfModule mod_rewrite.c>
  168. RewriteEngine On
      # Copies the request's Authorization header into the HTTP_AUTHORIZATION
      # environment variable ([E=...]) without rewriting the URL, so the PHP side
      # can read it.
  169. RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  170. RewriteBase /
      # Requests for index.php itself are left alone ([L] stops rule processing).
  171. RewriteRule ^index\.php$ - [L]
      # Front controller: anything that is not an existing file or directory is
      # routed to /index.php.
  172. RewriteCond %{REQUEST_FILENAME} !-f
  173. RewriteCond %{REQUEST_FILENAME} !-d
  174. RewriteRule . /index.php [L]
  175. </IfModule>
  177. # END WordPress
  179. # php -- BEGIN cPanel-generated handler, do not edit
  180. # Set the “ea-php80” package as the default “PHP” programming language.
  181. <IfModule mime_module>
      # Maps the extensions .php, .php8 and .phtml to the ea-php80 PHP handler.
      # NOTE(review): .php8 is handled as PHP here but is not covered by the
      # `php[1-7]?` deny patterns for wp-content/uploads, plugins and themes earlier
      # in this file; the two extension lists should be reconciled.
      # NOTE(review): AddHandler is a mod_mime directive, and mod_mime considers
      # every extension of a multi-extension file name, whereas the deny patterns
      # anchor on the final extension only. Review that coverage as well, and change
      # the handler through the hosting control panel rather than by editing this
      # generated block.
  182. AddHandler application/x-httpd-ea-php80 .php .php8 .phtml
  183. </IfModule>
  184. # php -- END cPanel-generated handler, do not edit
