Better protect with .htaccess against WP attacks

1. Better protection for your your Wordpress website, against «brute force» attacks.
2. Copy and paste this lines in your .htaccess file:
3.  
4. #START OF PROTECTION
5. IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*
6.  
7. Options All -Indexes
8.  
9. <Files license.txt>
10. order allow,deny
11. deny from all
12. </files>
13. <Files wp-config-sample.php>
14. order allow,deny
15. deny from all
16. </Files>
17. <Files readme.html>
18. order allow,deny
19. deny from all
20. </Files>
21. <Files .htaccess>
22. order allow,deny
23. deny from all
24. </Files>
25. ServerSignature Off
26. LimitRequestBody 10240000
27. <Files wp-config.php>
28. order allow,deny
29. deny from all
30. </Files>
31.  
32. <Limit GET POST>
33. order deny,allow
34. deny from all
35. allow from all
36. </Limit>
37. <Limit PUT DELETE>
38. order deny,allow
39. deny from all
40. </Limit>
41.  
42. #DISABLE TRACE TRACK
43. RewriteEngine On
44. RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
45. RewriteRule .* - [F]
46.  
47. #FORBID PROXY COMMENTS
48. RewriteCond %{REQUEST_METHOD} =POST
49. RewriteCond %{HTTP:VIA}%{HTTP:FORWARDED}%{HTTP:USERAGENT_VIA}%{HTTP:X_FORWARDED_FOR}%{HTTP:PROXY_CONNECTION} !^$ [OR]
50. RewriteCond %{HTTP:XPROXY_CONNECTION}%{HTTP:HTTP_PC_REMOTE_ADDR}%{HTTP:HTTP_CLIENT_IP} !^$
51. RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
52. RewriteRule .* - [F,NS,L]
53.  
54. #DENY BAD QUERY STRINGS
55. RewriteCond %{QUERY_STRING} tag= [NC,OR]
56. RewriteCond %{QUERY_STRING} ftp: [NC,OR]
57. RewriteCond %{QUERY_STRING} http: [NC,OR]
58. RewriteCond %{QUERY_STRING} https: [NC,OR]
59. RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
60. RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
61. RewriteCond %{QUERY_STRING} (\;|'|\"|%22).*(request|insert|union|declare|drop) [NC]
62. RewriteRule ^(.*)$ - [F,L]
63.  
64. <IfModule mod_alias.c>
65. RedirectMatch 403 \,
66. RedirectMatch 403 \:
67. RedirectMatch 403 \;
68. RedirectMatch 403 \=
69. RedirectMatch 403 \@
70. RedirectMatch 403 \[
71. RedirectMatch 403 \]
72. RedirectMatch 403 \^
73. RedirectMatch 403 \`
74. RedirectMatch 403 \{
75. RedirectMatch 403 \}
76. RedirectMatch 403 \~
77. RedirectMatch 403 \"
78. RedirectMatch 403 \$
79. RedirectMatch 403 \<
80. RedirectMatch 403 \>
81. RedirectMatch 403 \|
82. RedirectMatch 403 \.\.
83. RedirectMatch 403 \%0
84. RedirectMatch 403 \%A
85. RedirectMatch 403 \%B
86. RedirectMatch 403 \%C
87. RedirectMatch 403 \%D
88. RedirectMatch 403 \%E
89. RedirectMatch 403 \%F
90. RedirectMatch 403 \%22
91. RedirectMatch 403 \%27
92. RedirectMatch 403 \%28
93. RedirectMatch 403 \%29
94. RedirectMatch 403 \%3C
95. RedirectMatch 403 \%3E
96. RedirectMatch 403 \%3F
97. RedirectMatch 403 \%5B
98. RedirectMatch 403 \%5C
99. RedirectMatch 403 \%5D
100. RedirectMatch 403 \%7B
101. RedirectMatch 403 \%7C
102. RedirectMatch 403 \%7D
103.  
104. # COMMON PATTERNS
105. Redirectmatch 403 \_vpi
106. RedirectMatch 403 \.inc
107. Redirectmatch 403 xAou6
108. Redirectmatch 403 db\_name
109. Redirectmatch 403 select\(
110. Redirectmatch 403 convert\(
111. Redirectmatch 403 \/query\/
112. RedirectMatch 403 ImpEvData
113. Redirectmatch 403 \.XMLHTTP
114. Redirectmatch 403 proxydeny
115. RedirectMatch 403 function\.
116. Redirectmatch 403 remoteFile
117. Redirectmatch 403 servername
118. Redirectmatch 403 \&rptmode\=
119. Redirectmatch 403 sys\_cpanel
120. RedirectMatch 403 db\_connect
121. RedirectMatch 403 doeditconfig
122. RedirectMatch 403 check\_proxy
123. Redirectmatch 403 system\_user
124. Redirectmatch 403 \/\(null\)\/
125. Redirectmatch 403 clientrequest
126. Redirectmatch 403 option\_value
127. RedirectMatch 403 ref\.outcontrol
128.  
129. # SPECIFIC EXPLOITS
130. RedirectMatch 403 errors\.
131. RedirectMatch 403 config\.
132. RedirectMatch 403 include\.
133. RedirectMatch 403 display\.
134. RedirectMatch 403 register\.
135. Redirectmatch 403 password\.
136. RedirectMatch 403 maincore\.
137. RedirectMatch 403 authorize\.
138. Redirectmatch 403 macromates\.
139. RedirectMatch 403 head\_auth\.
140. RedirectMatch 403 submit\_links\.
141. RedirectMatch 403 change\_action\.
142. Redirectmatch 403 com\_facileforms\/
143. RedirectMatch 403 admin\_db\_utilities\.
144. RedirectMatch 403 admin\.webring\.docs\.
145. Redirectmatch 403 Table\/Latest\/index\.
146. </IfModule>
147. #END OF PROTECTION