wordpress securing

a guest
Oct 28th, 2013
In addition, place the following in the .htaccess file in the WordPress root directory:

```apache
Options +FollowSymLinks
RewriteEngine On

## Disable the Server Signature
ServerSignature Off
```

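```apache
## Remove spamming queries
<IfModule mod_rewrite.c>
# Replace the alternation with the words you want to filter. The trailing "?"
# in the target drops the query string from the redirected URL.
# The target prepends "www.", so this assumes the site is reached without it.
RewriteCond %{QUERY_STRING} admin|install|other|words|here [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1? [R=301,L]
</IfModule>
```
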
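```apache
## Protecting against spam bots
<IfModule mod_rewrite.c>
# Comment POSTs whose Referer is not this site, or that send no User-Agent,
# are redirected to the client's own address.
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} wp-comments-post\.php
# Replace yourwebsite.com with your own domain.
RewriteCond %{HTTP_REFERER} !yourwebsite\.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
# The substitution is a URL, not a regex, so it takes no ^ or $ anchors.
RewriteRule (.*) http://%{REMOTE_ADDR}/ [R=301,L]
</IfModule>
```
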
```apache
## Prevent SQL Injections
<IfModule mod_rewrite.c>
RewriteBase /
# Refuse these request methods outright.
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ - [F,L]
# Any one of the query-string conditions below (joined with OR) leads to a 403,
# unless the visitor carries a WordPress login cookie (last condition).
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
# Note: tag= is also the query variable WordPress uses for tag archives.
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} (\|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
# An alternation must not contain an empty branch ("||"): it would match every
# request, including those with no query string at all.
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|ê|"|;|\?|\*|=$).* [NC,OR]
# \x5C is a backslash.
RewriteCond %{QUERY_STRING} ^.*("|'|<|>|\x5C|\{|\|).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare).* [NC]
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
RewriteRule ^(.*)$ - [F,L]
</IfModule>
```

```apache
## Block specific WordPress installed files
# Turn off directory listings. "All" cannot be combined with a -option:
# either every option carries a + or - sign, or none does.
Options -Indexes
# Order/Deny is Apache 2.2 syntax; on 2.4 it relies on mod_access_compat
# (the native 2.4 form is "Require all denied").
<Files .htaccess>
Order allow,deny
Deny from all
</Files>
<Files readme.html>
Order allow,deny
Deny from all
</Files>
<Files license.txt>
Order allow,deny
Deny from all
</Files>
<Files install.php>
Order allow,deny
Deny from all
</Files>
<Files wp-config.php>
Order allow,deny
Deny from all
</Files>
<Files error_log>
Order allow,deny
Deny from all
</Files>
<Files version.php>
Order allow,deny
Deny from all
</Files>
```
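
The keyword conditions in the "Prevent SQL Injections" block can be checked offline before the file goes live. The Python script below is an added example, not part of the paste: it mirrors the method rule, the OR-chained query-string conditions and the login-cookie exemption, and runs them over constructed sample requests to show which ordinary WordPress URLs would receive a 403. The function names and sample requests are assumptions made for illustration, and Python's `re` stands in for Apache's PCRE.

```python
import re

# Keyword conditions copied from the page's "Prevent SQL Injections" block
# (the punctuation-only conditions are left out). All are matched with [NC].
QUERY_CONDS = [
    r"\.\.\/", r"boot\.ini", r"tag\=", r"ftp\:", r"http\:", r"https\:",
    r"mosConfig_[a-zA-Z_]{1,21}(=|%3D)", r"base64_encode.*\(.*\)",
    r"^.*(%24&x).*", r"^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).*",
    r"^.*(globals|encode|localhost|loopback).*",
    r"^.*(request|select|insert|union|declare).*",
]
BLOCKED_METHODS = re.compile(r"^(HEAD|TRACE|DELETE|TRACK)", re.I)
LOGGED_IN = re.compile(r"^.*wordpress_logged_in_.*$")


def matching_cond(query, conds=QUERY_CONDS):
    """Return the first condition that matches the raw query string, or None."""
    return next((p for p in conds if re.search(p, query, re.I)), None)


def is_forbidden(method, query, cookie="", conds=QUERY_CONDS):
    """Mirror the block: method rule first, then (any cond) AND no login cookie."""
    if BLOCKED_METHODS.search(method):
        return True
    return matching_cond(query, conds) is not None and not LOGGED_IN.search(cookie)


def always_matches(pattern):
    """A condition that matches the empty string is true for every request."""
    return re.search(pattern, "", re.I) is not None


# Constructed sample requests: (method, raw query string, Cookie header).
SAMPLES = [
    ("GET", "file=../../wp-config.php", ""),         # traversal attempt
    ("GET", "p=12", ""),                             # ordinary post link
    ("GET", "tag=news", ""),                         # WordPress tag archive
    ("GET", "s=how+to+select+a+theme", ""),          # site search
    ("GET", "s=caf%C3%A9", ""),                      # UTF-8 search term
    ("GET", "s=select", "wordpress_logged_in_x=1"),  # logged-in user
    ("HEAD", "", ""),                                # HEAD request
]

if __name__ == "__main__":
    for method, query, cookie in SAMPLES:
        verdict = "403" if is_forbidden(method, query, cookie) else "ok "
        print(verdict, method, query or "-", "<-", matching_cond(query))
    # Constructed pattern with an empty branch ("||"): it matches everything.
    print(always_matches(r"^.*(<|>||;).*"))
```

The tag archive, the search containing "select" and the percent-encoded UTF-8 search are all refused for visitors without a login cookie, which is the false-positive cost of keyword matching on the raw query string.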