Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # BULLETPROOF .46.4 >>>>>>> SECURE .HTACCESS
- # If you edit the line of code above you will see error messages on the BPS status page
- # BPS is reading the version number in the htaccess file to validate checks
- # If you would like to change what is displayed above you
- # will need to edit the BPS functions.php file to match your changes
- # For more info see the BPS Guide at AIT-pro.com
- # If you are getting 500 Errors when activating BPS then comment out Options -Indexes
- Options -Indexes
- # Replace hotlinked images with replacement image
- RewriteEngine on
- RewriteCond %{HTTP_REFERER} !^http://(.+\.)?MainWpBlog\.com/ [NC]
- RewriteCond %{HTTP_REFERER} !^http://(.+\.)?AnotherSiteInside\.com/ [NC]
- RewriteCond %{HTTP_REFERER} !^http://(.+\.)?AnotherSiteInside\.com/ [NC]
- RewriteCond %{HTTP_REFERER} !^http://(.+\.)?google\.com/ [NC]
- RewriteCond %{HTTP_REFERER} !^http://(.+\.)?AnotherSiteInside\.com/ [NC]
- RewriteCond %{HTTP_REFERER} !^http://(.+\.)?SiteInSomeOtherHosting\.com/ [NC]
- RewriteCond %{HTTP_REFERER} !^http://(.+\.)?NewBlogNeedsInstallation\.com/ [NC]
- RewriteCond %{HTTP_REFERER} !^$
- RewriteRule .*\.(jpe?g|gif|bmp|png)$ /hotlink.jpe [L]
- # WPSuperCache
- # BEGIN WordPress
- <IfModule mod_rewrite.c>
- RewriteEngine On
- RewriteBase /
- RewriteRule ^index\.php$ - [L]
- RewriteCond %{REQUEST_FILENAME} !-f
- RewriteCond %{REQUEST_FILENAME} !-d
- RewriteRule . /index.php [L]
- </IfModule>
- # END WordPress
- # If you want to add a custom 403 Forbidden page for your website uncomment the
- # ErrorDocument line of code below and copy the ait-pro.com example forbidden
- # HTML page to your correct website folder. See the BPS Help and FAQ page for
- # detailed instructions on how to do this. If your Theme 404 template is named
- # 404.php then you can uncomment the 404 line below now. If your 404 template is
- # named some other file name then change 404.php to the name of your 404 template
- # name and uncomment the 404 line of code below.
- # ErrorDocument 403 /forbidden.html
- ErrorDocument 404 /404.php
- # Plugin conflicts will be handled case by case
- # You can leave the plugin fixes code intact just in case you install one of these plugins
- # at a later time. Thousands of lines of htaccess code can be read in milliseconds
- # so leaving the code intact does not slow down your website performance at all.
- # Thousands of plugins have been tested with BPS and the plugin conflict fixes
- # contained in this BPS master file are permanent fixes for conflicts found with
- # these plugins. If you use AutoMagic to create this file then your correct WordPress installation
- # folder name will be automatically added to the plugin fixes that need a WP folder name.
- # If you choose to manually edit this file instead of using AutoMagic be sure to add your
- # WordPress installation folder name to the fixes that require your WordPress folder name.
- # Your WordPress installation folder name can be found on the System Info page. If you only see
- # a forward slash then you have a root folder installation and do not need to add a folder name.
- # redirect_to= string fix - fixes issues with plugins that use the redirect_to= string
- RewriteCond %{QUERY_STRING} redirect_to=(.*) [NC]
- RewriteRule . - [S=30]
- # Login Plugins Password Reset And Redirect Conflicts Fix 1
- RewriteCond %{QUERY_STRING} action=resetpass&key=(.*) [NC]
- RewriteRule . - [S=30]
- # Login Plugins Password Reset And Redirect Conflicts Fix 2
- RewriteCond %{QUERY_STRING} action=rp&key=(.*) [NC]
- RewriteRule . - [S=30]
- # BuddyPress Logout Redirect fix - skip BPS Filters on Logout link Redirect
- # WordPress 3.0.4 or higher must be installed for this fix to work
- RewriteCond %{QUERY_STRING} action=logout&redirect_to=http%3A%2F%2F(.*) [NC]
- RewriteRule . - [S=30]
- # Ozh' Admin Drop Down Menu Display Fix
- RewriteCond %{REQUEST_URI} ^/wp-content/plugins/ozh-admin-drop-down-menu/ [NC]
- RewriteRule . - [S=30]
- # ComicPress Manager ComicPress Theme Image Fix
- RewriteCond %{REQUEST_URI} ^/wp-content/plugins/comicpress-manager/ [NC]
- RewriteRule . - [S=30]
- # TimThumb and all other Thumbnailer Images not displaying - Red X instead of Images
- # If your theme uses an image thumbnailer script file this fix will work to display images correctly
- # as long as thumb is part of the file name like timthumb.php, thumb.php, thumbs.php or phpthumb.php
- RewriteCond %{REQUEST_FILENAME} ^(.*)thumb(.*)$ [NC]
- RewriteRule ^(.*)$ - [S=30]
- # YAPB Image Display fix
- RewriteCond %{REQUEST_URI} ^/wp-content/plugins/yet-another-photoblog/ [NC]
- RewriteRule . - [S=30]
- # WordPress.com Stats Flash SWF Graph Does Not Load Fix
- RewriteCond %{REQUEST_URI} ^/wp-content/plugins/stats/ [NC]
- RewriteRule . - [S=30]
- # Status Updater plugin fix
- RewriteCond %{REQUEST_URI} ^/wp-content/plugins/fb-status-updater/ [NC]
- RewriteRule . - [S=30]
- # wp-extplorer login fix
- RewriteCond %{REQUEST_URI} ^/wp-content/plugins/wp-extplorer/ [NC]
- RewriteRule . - [S=30]
- # Adminer MySQL management tool fix
- RewriteCond %{REQUEST_URI} ^/wp-content/plugins/adminer/ [NC]
- RewriteRule . - [S=30]
- # Peters Custom Anti-Spam Image fix
- RewriteCond %{REQUEST_URI} ^/wp-content/plugins/peters-custom-anti-spam-image/ [NC]
- RewriteRule . - [S=30]
- # Stream Video Player - Adding FLV Videos is Blocked By BPS
- RewriteCond %{REQUEST_URI} ^/wp-content/plugins/stream-video-player/ [NC]
- RewriteRule . - [S=30]
- # FeedWordPress - ?update_feedwordpress= String Blocked
- RewriteCond %{QUERY_STRING} update_feedwordpress=(.*) [NC]
- RewriteRule . - [S=30]
- # XCloner 404 or 403 error when updating settings
- RewriteCond %{REQUEST_URI} ^/wp-content/plugins/xcloner-backup-and-restore/ [NC]
- RewriteRule . - [S=30]
- # podPress rewrite ?feed=podcast as /feed/podcast
- # If you are using a custom slug then add the slug name to the rewriterule
- # RewriteRule (.*) /feed/custom-slug-name/$1? [R=301,L]
- RewriteCond %{QUERY_STRING} feed=podcast [NC]
- RewriteRule (.*) /feed/podcast/$1? [R=301,L]
- # podPress rewrite ?feed=enhancedpodcast as /feed/enhancedpodcast
- # If you are using a custom slug then add the slug name to the rewriterule
- # RewriteRule (.*) /feed/custom-slug-name/$1? [R=301,L]
- RewriteCond %{QUERY_STRING} feed=enhancedpodcast [NC]
- RewriteRule (.*) /feed/enhancedpodcast/$1? [R=301,L]
- # podPress rewrite ?feed=torrent as /feed/torrent
- # If you are using a custom slug then add the slug name to the rewriterule
- # RewriteRule (.*) /feed/custom-slug-name/$1? [R=301,L]
- RewriteCond %{QUERY_STRING} feed=torrent [NC]
- RewriteRule (.*) /feed/torrent/$1? [R=301,L]
- # podPress rewrite ?feed=premium as /feed/premium
- # If you are using a custom slug then add the slug name to the rewriterule
- # RewriteRule (.*) /feed/custom-slug-name/$1? [R=301,L]
- RewriteCond %{QUERY_STRING} feed=premimum [NC]
- RewriteRule (.*) /feed/premium/$1? [R=301,L]
- # FILTER REQUEST METHODS
- RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
- RewriteRule ^(.*)$ - [F,L]
- # QUERY STRING EXPLOITS
- RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
- RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
- RewriteCond %{QUERY_STRING} tag\= [NC,OR]
- RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
- RewriteCond %{QUERY_STRING} http\: [NC,OR]
- RewriteCond %{QUERY_STRING} https\: [NC,OR]
- RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
- RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
- RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
- RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
- RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
- RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
- RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
- RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
- RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>).* [NC,OR]
- RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
- RewriteCond %{QUERY_STRING} ^.*(execute|exec|sp_executesql|request|select|insert|union|declare|drop|delete|create|alter|update|order|char|set|cast|convert|meta|script|truncate).* [NC]
- RewriteRule ^(.*)$ - [F,L]
- # Deny Access to wp-config.php, bb-config.php, /wp-admin/install.php, all .htaccess files
- # php.ini, php5.ini and the WordPress readme.html installation file.
- # To allow ONLY yourself access to these files add your current IP address below to the
- # Allow from line of code and remove the # sign in front of Allow from to uncomment it
- <FilesMatch "^(wp-config\.php|install\.php|\.htaccess|php\.ini|php5\.ini|readme\.html|bb-config\.php)">
- Deny from all
- # Allow from 11.11.11.11
- </FilesMatch>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement