daily pastebin goal
11%
SHARE
TWEET

Better protect with .htaccess against WP attacks

a guest Aug 5th, 2014 265 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Better protection for your your Wordpress website, against Ā«brute forceĀ» attacks.
  2. Copy and paste this lines in your .htaccess file:
  3.  
  4. #START OF PROTECTION
  5. IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*
  6.  
  7. Options All -Indexes
  8.  
  9. <Files license.txt>
  10. order allow,deny
  11. deny from all
  12. </files>
  13. <Files wp-config-sample.php>
  14. order allow,deny
  15. deny from all
  16. </Files>
  17. <Files readme.html>
  18. order allow,deny
  19. deny from all
  20. </Files>
  21. <Files .htaccess>
  22. order allow,deny
  23. deny from all
  24. </Files>
  25. ServerSignature Off
  26. LimitRequestBody 10240000
  27. <Files wp-config.php>
  28. order allow,deny
  29. deny from all
  30. </Files>
  31.  
  32. <Limit GET POST>
  33. order deny,allow
  34. deny from all
  35. allow from all
  36. </Limit>
  37. <Limit PUT DELETE>
  38. order deny,allow
  39. deny from all
  40. </Limit>
  41.  
  42. #DISABLE TRACE TRACK
  43. RewriteEngine On
  44. RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
  45. RewriteRule .* - [F]
  46.  
  47. #FORBID PROXY COMMENTS
  48. RewriteCond %{REQUEST_METHOD} =POST
  49. RewriteCond %{HTTP:VIA}%{HTTP:FORWARDED}%{HTTP:USERAGENT_VIA}%{HTTP:X_FORWARDED_FOR}%{HTTP:PROXY_CONNECTION} !^$ [OR]
  50. RewriteCond %{HTTP:XPROXY_CONNECTION}%{HTTP:HTTP_PC_REMOTE_ADDR}%{HTTP:HTTP_CLIENT_IP} !^$
  51. RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
  52. RewriteRule .* - [F,NS,L]
  53.  
  54. #DENY BAD QUERY STRINGS
  55. RewriteCond %{QUERY_STRING} tag=     [NC,OR]
  56. RewriteCond %{QUERY_STRING} ftp:     [NC,OR]
  57. RewriteCond %{QUERY_STRING} http:    [NC,OR]
  58. RewriteCond %{QUERY_STRING} https:   [NC,OR]
  59. RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
  60. RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
  61. RewriteCond %{QUERY_STRING} (\;|'|\"|%22).*(request|insert|union|declare|drop) [NC]
  62. RewriteRule ^(.*)$ - [F,L]
  63.  
  64. <IfModule mod_alias.c>
  65. RedirectMatch 403 \,
  66. RedirectMatch 403 \:
  67. RedirectMatch 403 \;
  68. RedirectMatch 403 \=
  69. RedirectMatch 403 \@
  70. RedirectMatch 403 \[
  71. RedirectMatch 403 \]
  72. RedirectMatch 403 \^
  73. RedirectMatch 403 \`
  74. RedirectMatch 403 \{
  75. RedirectMatch 403 \}
  76. RedirectMatch 403 \~
  77. RedirectMatch 403 \"
  78. RedirectMatch 403 \$
  79. RedirectMatch 403 \<
  80. RedirectMatch 403 \>
  81. RedirectMatch 403 \|
  82. RedirectMatch 403 \.\.
  83. RedirectMatch 403 \%0
  84. RedirectMatch 403 \%A
  85. RedirectMatch 403 \%B
  86. RedirectMatch 403 \%C
  87. RedirectMatch 403 \%D
  88. RedirectMatch 403 \%E
  89. RedirectMatch 403 \%F
  90. RedirectMatch 403 \%22
  91. RedirectMatch 403 \%27
  92. RedirectMatch 403 \%28
  93. RedirectMatch 403 \%29
  94. RedirectMatch 403 \%3C
  95. RedirectMatch 403 \%3E
  96. RedirectMatch 403 \%3F
  97. RedirectMatch 403 \%5B
  98. RedirectMatch 403 \%5C
  99. RedirectMatch 403 \%5D
  100. RedirectMatch 403 \%7B
  101. RedirectMatch 403 \%7C
  102. RedirectMatch 403 \%7D
  103.  
  104. # COMMON PATTERNS
  105. Redirectmatch 403 \_vpi
  106. RedirectMatch 403 \.inc
  107. Redirectmatch 403 xAou6
  108. Redirectmatch 403 db\_name
  109. Redirectmatch 403 select\(
  110. Redirectmatch 403 convert\(
  111. Redirectmatch 403 \/query\/
  112. RedirectMatch 403 ImpEvData
  113. Redirectmatch 403 \.XMLHTTP
  114. Redirectmatch 403 proxydeny
  115. RedirectMatch 403 function\.
  116. Redirectmatch 403 remoteFile
  117. Redirectmatch 403 servername
  118. Redirectmatch 403 \&rptmode\=
  119. Redirectmatch 403 sys\_cpanel
  120. RedirectMatch 403 db\_connect
  121. RedirectMatch 403 doeditconfig
  122. RedirectMatch 403 check\_proxy
  123. Redirectmatch 403 system\_user
  124. Redirectmatch 403 \/\(null\)\/
  125. Redirectmatch 403 clientrequest
  126. Redirectmatch 403 option\_value
  127. RedirectMatch 403 ref\.outcontrol
  128.  
  129. # SPECIFIC EXPLOITS
  130. RedirectMatch 403 errors\.
  131. RedirectMatch 403 config\.
  132. RedirectMatch 403 include\.
  133. RedirectMatch 403 display\.
  134. RedirectMatch 403 register\.
  135. Redirectmatch 403 password\.
  136. RedirectMatch 403 maincore\.
  137. RedirectMatch 403 authorize\.
  138. Redirectmatch 403 macromates\.
  139. RedirectMatch 403 head\_auth\.
  140. RedirectMatch 403 submit\_links\.
  141. RedirectMatch 403 change\_action\.
  142. Redirectmatch 403 com\_facileforms\/
  143. RedirectMatch 403 admin\_db\_utilities\.
  144. RedirectMatch 403 admin\.webring\.docs\.
  145. Redirectmatch 403 Table\/Latest\/index\.
  146. </IfModule>
  147. #END OF PROTECTION
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top