
htaccess Wordpress

a guest
Nov 23rd, 2016
  1. # ----------------------------------------------------------------------
  2. # | Komprimierung und Caching |
  3. # ----------------------------------------------------------------------
  4.  
  5. # Serve resources with far-future expires headers.
  6. #
  7. # (!) If you don't control versioning with filename-based
  8. # cache busting, you should consider lowering the cache times
  9. # to something like one week.
  10. #
  11. # https://httpd.apache.org/docs/current/mod/mod_expires.html
  12.  
  # BEGINN CACHIFY
  # Serve pages that the Cachify plugin has already written to disk as static
  # files from wp-content/cache/cachify/<host><path>index.html(.gz).
  # A request qualifies only if the URI ends in "/", is outside /wp-admin/,
  # is not a POST, has an empty query string, and carries none of the
  # wp-postpass_ / wordpress_logged_in_ / comment_author_ cookies. Visitors
  # holding a login, comment or post-password cookie therefore always reach
  # WordPress instead of the shared cached copy.
  # NOTE(review): %{HTTP_HOST} comes from the request and becomes part of the
  # path tested with -f; confirm that only the intended host names are routed
  # to this document root.
  <IfModule mod_rewrite.c>
    RewriteEngine On

    # Pre-compressed copy: same conditions, plus the client must advertise gzip.
    <IfModule mod_mime.c>
      RewriteCond %{REQUEST_URI} /$
      RewriteCond %{REQUEST_URI} !^/wp-admin/.*
      RewriteCond %{REQUEST_METHOD} !=POST
      RewriteCond %{QUERY_STRING} =""
      RewriteCond %{HTTP_COOKIE} !(wp-postpass|wordpress_logged_in|comment_author)_
      RewriteCond %{HTTP:Accept-Encoding} gzip
      RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/cachify/%{HTTP_HOST}%{REQUEST_URI}index.html.gz -f
      RewriteRule ^(.*) /wp-content/cache/cachify/%{HTTP_HOST}%{REQUEST_URI}index.html.gz [L]

      # Label *.gz as gzip-encoded HTML so browsers decode the cached page.
      # These two directives are not limited to the cache directory.
      AddType text/html .gz
      AddEncoding gzip .gz
    </IfModule>

    # Uncompressed copy: used when the .gz rule above did not match.
    RewriteCond %{REQUEST_URI} /$
    RewriteCond %{REQUEST_URI} !^/wp-admin/.*
    RewriteCond %{REQUEST_METHOD} !=POST
    RewriteCond %{QUERY_STRING} =""
    RewriteCond %{HTTP_COOKIE} !(wp-postpass|wordpress_logged_in|comment_author)_
    RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/cachify/%{HTTP_HOST}%{REQUEST_URI}index.html -f
    RewriteRule ^(.*) /wp-content/cache/cachify/%{HTTP_HOST}%{REQUEST_URI}index.html [L]
  </IfModule>
  # END CACHIFY
  43.  
  # Expiry times per media type (mod_expires). Every lifetime is counted from
  # the moment of access; any type not listed below gets the one-month default.
  <IfModule mod_expires.c>
    ExpiresActive on
    ExpiresDefault "access plus 1 month"

    # Stylesheets
    ExpiresByType text/css "access plus 1 year"

    # Feeds: short lifetime
    ExpiresByType application/atom+xml "access plus 1 hour"
    ExpiresByType application/rdf+xml "access plus 1 hour"
    ExpiresByType application/rss+xml "access plus 1 hour"

    # JSON and XML data: expires immediately
    ExpiresByType application/json "access plus 0 seconds"
    ExpiresByType application/ld+json "access plus 0 seconds"
    ExpiresByType application/schema+json "access plus 0 seconds"
    ExpiresByType application/vnd.geo+json "access plus 0 seconds"
    ExpiresByType application/xml "access plus 0 seconds"
    ExpiresByType text/xml "access plus 0 seconds"

    # Favicon (cannot be renamed, so no filename-based cache busting) and cursors
    ExpiresByType image/vnd.microsoft.icon "access plus 1 week"
    ExpiresByType image/x-icon "access plus 1 week"

    # HTML: pages stay cached for one hour, so new content shows up only after
    # that hour has passed. If that is not wanted, replace 3600 with 0.
    ExpiresByType text/html "access plus 3600 seconds"

    # JavaScript (all three media types in use)
    ExpiresByType application/javascript "access plus 1 year"
    ExpiresByType application/x-javascript "access plus 1 year"
    ExpiresByType text/javascript "access plus 1 year"

    # Manifest files
    ExpiresByType application/manifest+json "access plus 1 week"
    ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
    ExpiresByType text/cache-manifest "access plus 0 seconds"

    # Audio, images and video
    ExpiresByType audio/ogg "access plus 1 month"
    ExpiresByType image/bmp "access plus 1 month"
    ExpiresByType image/gif "access plus 1 month"
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"
    ExpiresByType image/svg+xml "access plus 1 month"
    ExpiresByType image/webp "access plus 1 month"
    ExpiresByType video/mp4 "access plus 1 month"
    ExpiresByType video/ogg "access plus 1 month"
    ExpiresByType video/webm "access plus 1 month"

    # Web fonts: Embedded OpenType (EOT)
    ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
    ExpiresByType font/eot "access plus 1 month"

    # Web fonts: OpenType
    ExpiresByType font/opentype "access plus 1 month"

    # Web fonts: TrueType
    ExpiresByType application/x-font-ttf "access plus 1 month"

    # Web fonts: WOFF 1.0
    ExpiresByType application/font-woff "access plus 1 month"
    ExpiresByType application/x-font-woff "access plus 1 month"
    ExpiresByType font/woff "access plus 1 month"

    # Web fonts: WOFF 2.0
    ExpiresByType application/font-woff2 "access plus 1 month"

    # Other
    ExpiresByType text/x-cross-domain-policy "access plus 1 week"
  </IfModule>
  116.  
  # On-the-fly compression (mod_deflate) for text-like media types.
  # NOTE(review): HTML and JSON are compressed here. Where such a response
  # carries a secret next to reflected request data, compression over TLS is
  # the precondition for BREACH-style length side channels; confirm that the
  # site's tokens are per-request or masked.
  <IfModule mod_deflate.c>
    # Text formats
    AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css text/vtt text/x-component
    # XML dialects and feeds
    AddOutputFilterByType DEFLATE application/xml application/xhtml+xml application/rss+xml application/atom+xml
    # JavaScript
    AddOutputFilterByType DEFLATE application/js application/javascript application/x-javascript
    # PHP handler types
    AddOutputFilterByType DEFLATE application/x-httpd-php application/x-httpd-fastphp
    # JSON
    AddOutputFilterByType DEFLATE application/json application/ld+json application/x-web-app-manifest+json
    # Fonts
    AddOutputFilterByType DEFLATE application/vnd.ms-fontobject application/x-font-ttf font/opentype
    # Vector images and icons
    AddOutputFilterByType DEFLATE image/svg+xml image/x-icon

    # Exception: URLs ending in an image extension are never compressed and
    # get no Vary header. This includes .svg, so the image/svg+xml entry
    # above only takes effect for SVG served from other URLs.
    SetEnvIfNoCase REQUEST_URI \.(?:gif|jpg|jpeg|png|svg)$ no-gzip dont-vary

    # Legacy browser workarounds: Mozilla/4 gets compressed HTML only,
    # Mozilla/4.06-4.08 gets no compression, and MSIE (which also announces
    # itself as Mozilla/4) has both restrictions lifted again.
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html

  </IfModule>
  152.  
  # Response headers set through mod_headers, when it is installed.
  <IfModule mod_headers.c>
    # Common static files: cacheable for 30 days (2592000 s), also by shared
    # caches ("public").
    # NOTE(review): the list includes pdf and txt; confirm that no file with
    # one of these extensions sits behind access control, since "public"
    # allows intermediaries to store it.
    <FilesMatch "\.(ico|pdf|flv|swf|js|css|gif|png|jpg|jpeg|txt)$">
      Header set Cache-Control "max-age=2592000, public"
    </FilesMatch>

    # Tell caches that these responses differ by the Accept-Encoding header.
    <FilesMatch "\.(js|css|xml|gz)$">
      Header append Vary Accept-Encoding
    </FilesMatch>

    # Set the keep-alive header.
    # NOTE(review): this only writes the header; whether connections are
    # actually kept open is decided in the server configuration - confirm.
    Header set Connection keep-alive
  </IfModule>

  # If the server does not support ETags, switch them off with "None" and
  # remove the header from responses.
  <IfModule mod_expires.c>
    <IfModule mod_headers.c>
      Header unset ETag
    </IfModule>
    FileETag None
  </IfModule>
  179.  
  180. # ----------------------------------------------------------------------
  181. # | 6g Firewall für Sicherheit - HIER NICHTS AENDERN, ANSONSTEN IST DIE WEBSITE ANGREIFBAR
  182. # ----------------------------------------------------------------------
  183.  
  # 6G FIREWALL/BLACKLIST
  # @ https://perishablepress.com/6g/
  #
  # Pattern-based request filter that runs before WordPress sees the request.
  # Every rule below answers a match with 403 Forbidden. It is a coarse
  # blacklist: it reduces scanner noise but does not replace keeping
  # WordPress, themes and plugins patched, and it can reject legitimate
  # requests that happen to contain one of the listed strings.

  <IfModule mod_rewrite.c>
    RewriteEngine On

    # 6G:[QUERY STRINGS]
    # Case-insensitive patterns tested against the query string; the
    # conditions are OR-ed, so a single match is enough.
    # Code-execution and encoding markers, loopback address, over-long runs:
    RewriteCond %{QUERY_STRING} (eval\() [NC,OR]
    RewriteCond %{QUERY_STRING} (127\.0\.0\.1) [NC,OR]
    RewriteCond %{QUERY_STRING} ([a-z0-9]{2000}) [NC,OR]
    RewriteCond %{QUERY_STRING} (javascript:)(.*)(;) [NC,OR]
    RewriteCond %{QUERY_STRING} (base64_encode)(.*)(\() [NC,OR]
    RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC,OR]
    # Script tags, traversal sequences and shell metacharacters:
    RewriteCond %{QUERY_STRING} (<|%3C)(.*)script(.*)(>|%3) [NC,OR]
    RewriteCond %{QUERY_STRING} (\\|\.\.\.|\.\./|~|`|<|>|\|) [NC,OR]
    # Well-known sensitive file names and thumbnail scripts:
    RewriteCond %{QUERY_STRING} (boot\.ini|etc/passwd|self/environ) [NC,OR]
    RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumb)?)\.php [NC,OR]
    # A quote followed by an SQL keyword:
    RewriteCond %{QUERY_STRING} (\'|\")(.*)(drop|insert|md5|select|union) [NC]
    RewriteRule .* - [F]

    # 6G:[REQUEST METHOD]
    # NOTE(review): PUT and DELETE are refused here; confirm that no client
    # of this site (for example a REST API consumer) depends on them.
    RewriteCond %{REQUEST_METHOD} ^(connect|debug|delete|move|put|trace|track) [NC]
    RewriteRule .* - [F]

    # 6G:[REFERRERS]
    # Over-long Referer values and two named referrer-spam sources.
    RewriteCond %{HTTP_REFERER} ([a-z0-9]{2000}) [NC,OR]
    RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC]
    RewriteRule .* - [F]
  </IfModule>

  # 6G:[REQUEST STRINGS]
  # The same idea applied to the request path through mod_alias; (?i) makes
  # each pattern case-insensitive. Note that the character-class rule also
  # refuses paths containing ":", ";", ",", "%" or whitespace.
  <IfModule mod_alias.c>
    RedirectMatch 403 (?i)([a-z0-9]{2000})
    RedirectMatch 403 (?i)(https?|ftp|php):/
    RedirectMatch 403 (?i)(base64_encode)(.*)(\()
    RedirectMatch 403 (?i)(=\\\'|=\\%27|/\\\'/?)\.
    RedirectMatch 403 (?i)/(\$(\&)?|\*|\"|\.|,|&|&amp;?)/?$
    RedirectMatch 403 (?i)(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")
    RedirectMatch 403 (?i)(~|`|<|>|:|;|,|%|\\|\s|\{|\}|\[|\]|\|)
    RedirectMatch 403 (?i)/(=|\$&|_mm|cgi-|etc/passwd|muieblack)
    RedirectMatch 403 (?i)(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)
    # Backup, config, VCS and archive extensions that should not be downloadable:
    RedirectMatch 403 (?i)\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf)$
    # PHP file names commonly probed by scanners, including (wp-)config.php:
    RedirectMatch 403 (?i)/(^$|(wp-)?config|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php
  </IfModule>
  228.  
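  # 6G:[USER AGENTS]
  # Mark requests whose User-Agent is over-long or contains one of the listed
  # substrings with the bad_bot variable, then deny every marked request.
  # The User-Agent is chosen by the client, so this only filters tools that
  # announce themselves; several entries (python, winhttp, loader, extract,
  # archive.org) are broad and may also match legitimate clients.
  #
  # The access rules are deliberately NOT wrapped in <Limit GET POST PUT>:
  # <Limit> applies access control to the listed methods only, which would
  # leave HEAD, OPTIONS and any other method unfiltered for marked clients.
  #
  # Order/Allow/Deny is Apache 2.2 syntax; on Apache 2.4 it needs
  # mod_access_compat to be loaded.
  <IfModule mod_setenvif.c>
    SetEnvIfNoCase User-Agent ([a-z0-9]{2000}) bad_bot
    SetEnvIfNoCase User-Agent (archive.org|binlar|casper|checkpriv|choppy|clshttp|cmsworld|diavol|dotbot|extract|feedfinder|flicky|g00g1e|harvest|heritrix|httrack|kmccrew|loader|miner|nikto|nutch|planetwork|postrank|purebot|pycurl|python|seekerspider|siclab|skygrid|sqlmap|sucker|turnit|vikspider|winhttp|xxxyy|youda|zmeu|zune) bad_bot
    Order Allow,Deny
    Allow from All
    Deny from env=bad_bot
  </IfModule>

  # 6G:[BAD IPS]
  # Same reasoning as above: no <Limit> wrapper, so an address denied here is
  # denied for every request method.
  Order Allow,Deny
  Allow from All
  # uncomment/edit/repeat next line to block IPs
  # (192.0.2.0/24 is a documentation range used as a placeholder)
  # Deny from 192.0.2.0/24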
  247.  
  248. # ----------------------------------------------------------------------
  249. # | Zeichensatz setzen
  250. # ----------------------------------------------------------------------
  251.  
  # Responses without an explicit charset are labelled UTF-8.
  AddDefaultCharset UTF-8

  # ----------------------------------------------------------------------
  # Block outside access to important WordPress files
  # ----------------------------------------------------------------------
  # <Files> matches on the file name alone, so each block applies to a file of
  # that name in any directory below this .htaccess.
  # Order/Deny is Apache 2.2 syntax; on Apache 2.4 it needs mod_access_compat.

  # No access to install.php
  <Files install.php>
    Order allow,deny
    Deny from all
  </Files>

  # No access to wp-config.php (holds the database credentials and keys)
  <Files wp-config.php>
    Order allow,deny
    Deny from all
  </Files>

  # No access to readme.html
  <Files readme.html>
    Order Allow,Deny
    Deny from all
    Satisfy all
  </Files>

  # No access to liesmich.html (the readme of the German edition)
  <Files liesmich.html>
    Order Allow,Deny
    Deny from all
    Satisfy all
  </Files>

  # No access to the error log
  <Files error_log>
    Order allow,deny
    Deny from all
  </Files>

  # Deny access to .htaccess and .htpasswd. If no .htpasswd is used, the code
  # for it can be removed.
  # NOTE(review): this block is commented out, so this file does not itself
  # protect the two files; confirm that the main server configuration denies
  # ".ht*" before relying on that.
  #<FilesMatch "(\.htaccess|\.htpasswd)">
  # Order deny,allow
  # Deny from all
  #</FilesMatch>
  295.  
  # Deny direct access to the include directories.
  # Files under wp-admin/includes/ and wp-includes/ are meant to be loaded by
  # WordPress itself, not requested over HTTP; direct requests get 403.
  <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /

    RewriteRule ^wp-admin/includes/ - [F,L]

    # Anything outside wp-includes/ skips the next three rules. The skip
    # count is tied to the number of wp-includes rules below: adding or
    # removing one requires adjusting S=3.
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
  </IfModule>
  306.  
  307. # ----------------------------------------------------------------------
  308. # Schutz des Administrator-Bereichs. Wenn der .htaccess/.htpasswd Schutz
  309. # genutzt werden soll, auskommentieren UND PFAD ANPASSEN
  310. # ----------------------------------------------------------------------
  311.  
  312. #<Files wp-login.php>
  313. #AuthName "Admin-Bereich"
  314. #AuthType Basic
  315. #AuthUserFile dein/pfad/zur/.htpasswd
  316. #require valid-user
  317. #</Files>
  318.  
  319. # ----------------------------------------------------------------------
  320. # Hotlinking verbieten (verhindert, dass andere Deine Bilder von Deinem Server nutzen)
  321. # WICHTIG: Auskommentieren und deine Domain einfuegen
  322. # ----------------------------------------------------------------------
  323.  
  324. #<IfModule mod_rewrite.c>
  325. #RewriteEngine on
  326. #RewriteCond %{HTTP_REFERER} !^$
  327. #RewriteCond %{HTTP_REFERER} !^https://(www\.)?democraticpost\.de(/.*)?$ [NC]
  328. #RewriteRule \.(jpg|jpeg|gif|png)$ - [F]
  329. #</ifModule>
  330.  
  331. # ----------------------------------------------------------------------
  332. # Das Sicherheitsrisiko XML-RPC Schnittstelle komplett abschalten
  333. # ----------------------------------------------------------------------
  334.  
  # Every request for xmlrpc.php is refused, which closes the XML-RPC
  # endpoint completely.
  # NOTE(review): anything that talks to the site over XML-RPC (pingbacks,
  # remote publishing clients) stops working with this in place; confirm
  # nothing in use depends on it.
  # Order/Deny is Apache 2.2 syntax; on Apache 2.4 it needs mod_access_compat.
  <Files xmlrpc.php>
    Order Deny,Allow
    Deny from all
  </Files>
  339.  
  340. # ----------------------------------------------------------------------
  341. # | WordPress Rewrite Rules - HIER NICHTS AENDERN, ODER WORDPRESS FUNKTIONIERT NICHT MEHR
  342. # ----------------------------------------------------------------------
  343.  
  # Front-controller rules: a request that is neither for index.php itself nor
  # for an existing file or directory is handed to /index.php. Because these
  # rules come last in the file, the blocking rules above are evaluated first.
  # BEGIN WordPress
  <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    # index.php is served as-is and ends rule processing.
    RewriteRule ^index\.php$ - [L]
    # Existing files and directories are served directly; the rest goes to WordPress.
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
  </IfModule>
  # END WordPress