- Better protection for your WordPress website against «brute force» attacks.
- Copy and paste these lines into your .htaccess file:
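#START OF PROTECTION
# Hardening rules for a WordPress site served by Apache, meant for the
# .htaccess file in the site root. They hide sensitive files, refuse some HTTP
# methods and reject request patterns commonly seen in automated probes.
# NOTE(review): nothing in this file throttles or restricts login attempts.
# wp-login.php and xmlrpc.php stay reachable for every client, so password
# guessing has to be limited elsewhere (rate limiting, an IP allow-list for the
# login page, multi-factor authentication).

# Hide housekeeping files from generated listings and switch listings off.
# Only -Indexes is set: Apache 2.4 rejects a mix of prefixed and unprefixed
# options ("Options All -Indexes"), and "All" would also switch on ExecCGI and
# Includes. mod_rewrite in .htaccess still needs FollowSymLinks or
# SymLinksIfOwnerMatch to be inherited from the server configuration.
IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*
Options -Indexes

# Never serve files that reveal the installed version or hold credentials.
# Both access-control syntaxes are given so the rule works on Apache 2.4
# (mod_authz_core) and on Apache 2.2.
<FilesMatch "^(license\.txt|readme\.html|wp-config-sample\.php|wp-config\.php|\.htaccess)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# Omit the server version footer from server-generated pages.
ServerSignature Off
# Cap request bodies (uploads included) at 10,240,000 bytes.
LimitRequestBody 10240000

# Refuse PUT and DELETE. GET and POST are left to whatever access rules are
# inherited; no allow-all override is set for them here.
<Limit PUT DELETE>
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</Limit>

#DISABLE TRACE TRACK
# Answers TRACE and TRACK with 403. Where the server configuration is
# editable, "TraceEnable Off" is the dedicated directive for TRACE.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

#FORBID PROXY COMMENTS
# Refuses a POST that carries any of the listed proxy headers, unless it
# targets the login page, the admin area, plugins or wp-includes.
# NOTE(review): %{HTTP:name} looks the header up by its literal name, so the
# entries written with underscores (X_FORWARDED_FOR, PROXY_CONNECTION, ...) do
# not match the hyphenated headers proxies send; in effect only Via and
# Forwarded are tested. All of these headers are supplied by the client or an
# intermediary, so the rule is a heuristic, and a site behind a reverse proxy
# or CDN that adds Via will have its own POSTs refused outside the exempted
# paths.
RewriteCond %{REQUEST_METHOD} =POST
RewriteCond %{HTTP:VIA}%{HTTP:FORWARDED}%{HTTP:USERAGENT_VIA}%{HTTP:X_FORWARDED_FOR}%{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION}%{HTTP:HTTP_PC_REMOTE_ADDR}%{HTTP:HTTP_CLIENT_IP} !^$
RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
RewriteRule .* - [F,NS,L]

#DENY BAD QUERY STRINGS
# Substring filters on the query string. They are broad: "tag=" also matches
# WordPress's own ?tag= queries, and the ftp:/http:/https: conditions refuse
# any query string that carries an unencoded URL. Treat this as noise
# reduction, not as a substitute for patching the application.
RewriteCond %{QUERY_STRING} tag= [NC,OR]
RewriteCond %{QUERY_STRING} ftp: [NC,OR]
RewriteCond %{QUERY_STRING} http: [NC,OR]
RewriteCond %{QUERY_STRING} https: [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} (\;|'|\"|%22).*(request|insert|union|declare|drop) [NC]
RewriteRule ^(.*)$ - [F,L]

# RedirectMatch tests the URL path only, never the query string, and each
# pattern below matches anywhere in the path. Legitimate plugin or theme files
# whose names contain one of these fragments are refused as well, so test the
# site after deploying.
# NOTE(review): mod_alias presumably sees the path after percent-decoding, in
# which case the \%xx patterns only catch double-encoded input - confirm with a
# test request.
<IfModule mod_alias.c>
    RedirectMatch 403 \,
    RedirectMatch 403 \:
    RedirectMatch 403 \;
    RedirectMatch 403 \=
    RedirectMatch 403 \@
    RedirectMatch 403 \[
    RedirectMatch 403 \]
    RedirectMatch 403 \^
    RedirectMatch 403 \`
    RedirectMatch 403 \{
    RedirectMatch 403 \}
    RedirectMatch 403 \~
    RedirectMatch 403 \"
    RedirectMatch 403 \$
    RedirectMatch 403 \<
    RedirectMatch 403 \>
    RedirectMatch 403 \|
    RedirectMatch 403 \.\.
    RedirectMatch 403 \%0
    RedirectMatch 403 \%A
    RedirectMatch 403 \%B
    RedirectMatch 403 \%C
    RedirectMatch 403 \%D
    RedirectMatch 403 \%E
    RedirectMatch 403 \%F
    RedirectMatch 403 \%22
    RedirectMatch 403 \%27
    RedirectMatch 403 \%28
    RedirectMatch 403 \%29
    RedirectMatch 403 \%3C
    RedirectMatch 403 \%3E
    RedirectMatch 403 \%3F
    RedirectMatch 403 \%5B
    RedirectMatch 403 \%5C
    RedirectMatch 403 \%5D
    RedirectMatch 403 \%7B
    RedirectMatch 403 \%7C
    RedirectMatch 403 \%7D
    # COMMON PATTERNS
    RedirectMatch 403 \_vpi
    RedirectMatch 403 \.inc
    RedirectMatch 403 xAou6
    RedirectMatch 403 db\_name
    RedirectMatch 403 select\(
    RedirectMatch 403 convert\(
    RedirectMatch 403 \/query\/
    RedirectMatch 403 ImpEvData
    RedirectMatch 403 \.XMLHTTP
    RedirectMatch 403 proxydeny
    RedirectMatch 403 function\.
    RedirectMatch 403 remoteFile
    RedirectMatch 403 servername
    RedirectMatch 403 \&rptmode\=
    RedirectMatch 403 sys\_cpanel
    RedirectMatch 403 db\_connect
    RedirectMatch 403 doeditconfig
    RedirectMatch 403 check\_proxy
    RedirectMatch 403 system\_user
    RedirectMatch 403 \/\(null\)\/
    RedirectMatch 403 clientrequest
    RedirectMatch 403 option\_value
    RedirectMatch 403 ref\.outcontrol
    # SPECIFIC EXPLOITS
    RedirectMatch 403 errors\.
    RedirectMatch 403 config\.
    RedirectMatch 403 include\.
    RedirectMatch 403 display\.
    RedirectMatch 403 register\.
    RedirectMatch 403 password\.
    RedirectMatch 403 maincore\.
    RedirectMatch 403 authorize\.
    RedirectMatch 403 macromates\.
    RedirectMatch 403 head\_auth\.
    RedirectMatch 403 submit\_links\.
    RedirectMatch 403 change\_action\.
    RedirectMatch 403 com\_facileforms\/
    RedirectMatch 403 admin\_db\_utilities\.
    RedirectMatch 403 admin\.webring\.docs\.
    RedirectMatch 403 Table\/Latest\/index\.
</IfModule>
#END OF PROTECTION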