HemaLatha

Untitled

Sep 1st, 2011
248
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # BULLETPROOF .46.4 >>>>>>> SECURE .HTACCESS
  2.  
  3. # If you edit the line of code above you will see error messages on the BPS status page
  4. # BPS is reading the version number in the htaccess file to validate checks
  5. # If you would like to change what is displayed above you
  6. # will need to edit the BPS functions.php file to match your changes
  7. # For more info see the BPS Guide at AIT-pro.com
  8.  
  9. # If you are getting 500 Errors when activating BPS then comment out Options -Indexes
  10. Options -Indexes
  11.  
  12. # Replace hotlinked images with replacement image
  13. RewriteEngine on
  14. RewriteCond %{HTTP_REFERER} !^http://(.+\.)?MainWpBlog\.com/ [NC]
  15. RewriteCond %{HTTP_REFERER} !^http://(.+\.)?AnotherSiteInside\.com/ [NC]
  16. RewriteCond %{HTTP_REFERER} !^http://(.+\.)?AnotherSiteInside\.com/ [NC]
  17. RewriteCond %{HTTP_REFERER} !^http://(.+\.)?google\.com/ [NC]
  18. RewriteCond %{HTTP_REFERER} !^http://(.+\.)?AnotherSiteInside\.com/ [NC]
  19. RewriteCond %{HTTP_REFERER} !^http://(.+\.)?SiteInSomeOtherHosting\.com/ [NC]
  20. RewriteCond %{HTTP_REFERER} !^http://(.+\.)?NewBlogNeedsInstallation\.com/ [NC]
  21. RewriteCond %{HTTP_REFERER} !^$
  22. RewriteRule .*\.(jpe?g|gif|bmp|png)$ /hotlink.jpe [L]
  23.  
  24. # WPSuperCache
  25.  
  26. # BEGIN WordPress
  27. <IfModule mod_rewrite.c>
  28. RewriteEngine On
  29. RewriteBase /
  30. RewriteRule ^index\.php$ - [L]
  31. RewriteCond %{REQUEST_FILENAME} !-f
  32. RewriteCond %{REQUEST_FILENAME} !-d
  33. RewriteRule . /index.php [L]
  34. </IfModule>
  35. # END WordPress
  36.  
  37. # If you want to add a custom 403 Forbidden page for your website uncomment the
  38. # ErrorDocument line of code below and copy the ait-pro.com example forbidden
  39. # HTML page to your correct website folder. See the BPS Help and FAQ page for
  40. # detailed instructions on how to do this. If your Theme 404 template is named
  41. # 404.php then you can uncomment the 404 line below now. If your 404 template is
  42. # named some other file name then change 404.php to the name of your 404 template
  43. # name and uncomment the 404 line of code below.
  44. # ErrorDocument 403 /forbidden.html
  45. ErrorDocument 404 /404.php
  46.  
  47. # Plugin conflicts will be handled case by case
  48. # You can leave the plugin fixes code intact just in case you install one of these plugins
  49. # at a later time. Thousands of lines of htaccess code can be read in milliseconds
  50. # so leaving the code intact does not slow down your website performance at all.
  51. # Thousands of plugins have been tested with BPS and the plugin conflict fixes
  52. # contained in this BPS master file are permanent fixes for conflicts found with
  53. # these plugins. If you use AutoMagic to create this file then your correct WordPress installation
  54. # folder name will be automatically added to the plugin fixes that need a WP folder name.
  55. # If you choose to manually edit this file instead of using AutoMagic be sure to add your
  56. # WordPress installation folder name to the fixes that require your WordPress folder name.
  57. # Your WordPress installation folder name can be found on the System Info page. If you only see
  58. # a forward slash then you have a root folder installation and do not need to add a folder name.
  59.  
  60. # redirect_to= string fix - fixes issues with plugins that use the redirect_to= string
  61. RewriteCond %{QUERY_STRING} redirect_to=(.*) [NC]
  62. RewriteRule . - [S=30]
  63.  
  64. # Login Plugins Password Reset And Redirect Conflicts Fix 1
  65. RewriteCond %{QUERY_STRING} action=resetpass&key=(.*) [NC]
  66. RewriteRule . - [S=30]
  67.  
  68. # Login Plugins Password Reset And Redirect Conflicts Fix 2
  69. RewriteCond %{QUERY_STRING} action=rp&key=(.*) [NC]
  70. RewriteRule . - [S=30]
  71.  
  72. # BuddyPress Logout Redirect fix - skip BPS Filters on Logout link Redirect
  73. # WordPress 3.0.4 or higher must be installed for this fix to work
  74. RewriteCond %{QUERY_STRING} action=logout&redirect_to=http%3A%2F%2F(.*) [NC]
  75. RewriteRule . - [S=30]
  76.  
  77. # Ozh' Admin Drop Down Menu Display Fix
  78. RewriteCond %{REQUEST_URI} ^/wp-content/plugins/ozh-admin-drop-down-menu/ [NC]
  79. RewriteRule . - [S=30]
  80.  
  81. # ComicPress Manager ComicPress Theme Image Fix
  82. RewriteCond %{REQUEST_URI} ^/wp-content/plugins/comicpress-manager/ [NC]
  83. RewriteRule . - [S=30]
  84.  
  85. # TimThumb and all other Thumbnailer Images not displaying - Red X instead of Images
  86. # If your theme uses an image thumbnailer script file this fix will work to display images correctly
  87. # as long as thumb is part of the file name like timthumb.php, thumb.php, thumbs.php or phpthumb.php
  88. RewriteCond %{REQUEST_FILENAME} ^(.*)thumb(.*)$ [NC]
  89. RewriteRule ^(.*)$ - [S=30]
  90.  
  91. # YAPB Image Display fix
  92. RewriteCond %{REQUEST_URI} ^/wp-content/plugins/yet-another-photoblog/ [NC]
  93. RewriteRule . - [S=30]
  94.  
  95. # WordPress.com Stats Flash SWF Graph Does Not Load Fix
  96. RewriteCond %{REQUEST_URI} ^/wp-content/plugins/stats/ [NC]
  97. RewriteRule . - [S=30]
  98.  
  99. # Status Updater plugin fix
  100. RewriteCond %{REQUEST_URI} ^/wp-content/plugins/fb-status-updater/ [NC]
  101. RewriteRule . - [S=30]
  102.  
  103. # wp-extplorer login fix
  104. RewriteCond %{REQUEST_URI} ^/wp-content/plugins/wp-extplorer/ [NC]
  105. RewriteRule . - [S=30]
  106.  
  107. # Adminer MySQL management tool fix
  108. RewriteCond %{REQUEST_URI} ^/wp-content/plugins/adminer/ [NC]
  109. RewriteRule . - [S=30]
  110.  
  111. # Peters Custom Anti-Spam Image fix
  112. RewriteCond %{REQUEST_URI} ^/wp-content/plugins/peters-custom-anti-spam-image/ [NC]
  113. RewriteRule . - [S=30]
  114.  
  115. # Stream Video Player - Adding FLV Videos is Blocked By BPS
  116. RewriteCond %{REQUEST_URI} ^/wp-content/plugins/stream-video-player/ [NC]
  117. RewriteRule . - [S=30]
  118.  
  119. # FeedWordPress - ?update_feedwordpress= String Blocked
  120. RewriteCond %{QUERY_STRING} update_feedwordpress=(.*) [NC]
  121. RewriteRule . - [S=30]
  122.  
  123. # XCloner 404 or 403 error when updating settings
  124. RewriteCond %{REQUEST_URI} ^/wp-content/plugins/xcloner-backup-and-restore/ [NC]
  125. RewriteRule . - [S=30]
  126.  
  127. # podPress rewrite ?feed=podcast as /feed/podcast
  128. # If you are using a custom slug then add the slug name to the rewriterule
  129. # RewriteRule (.*) /feed/custom-slug-name/$1? [R=301,L]
  130. RewriteCond %{QUERY_STRING} feed=podcast [NC]
  131. RewriteRule (.*) /feed/podcast/$1? [R=301,L]
  132.  
  133. # podPress rewrite ?feed=enhancedpodcast as /feed/enhancedpodcast
  134. # If you are using a custom slug then add the slug name to the rewriterule
  135. # RewriteRule (.*) /feed/custom-slug-name/$1? [R=301,L]
  136. RewriteCond %{QUERY_STRING} feed=enhancedpodcast [NC]
  137. RewriteRule (.*) /feed/enhancedpodcast/$1? [R=301,L]
  138.  
  139. # podPress rewrite ?feed=torrent as /feed/torrent
  140. # If you are using a custom slug then add the slug name to the rewriterule
  141. # RewriteRule (.*) /feed/custom-slug-name/$1? [R=301,L]
  142. RewriteCond %{QUERY_STRING} feed=torrent [NC]
  143. RewriteRule (.*) /feed/torrent/$1? [R=301,L]
  144.  
  145. # podPress rewrite ?feed=premium as /feed/premium
  146. # If you are using a custom slug then add the slug name to the rewriterule
  147. # RewriteRule (.*) /feed/custom-slug-name/$1? [R=301,L]
  148. RewriteCond %{QUERY_STRING} feed=premimum [NC]
  149. RewriteRule (.*) /feed/premium/$1? [R=301,L]
  150.  
  151. # FILTER REQUEST METHODS
  152. RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
  153. RewriteRule ^(.*)$ - [F,L]
  154.  
  155. # QUERY STRING EXPLOITS
  156. RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
  157. RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
  158. RewriteCond %{QUERY_STRING} tag\= [NC,OR]
  159. RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
  160. RewriteCond %{QUERY_STRING} http\: [NC,OR]
  161. RewriteCond %{QUERY_STRING} https\: [NC,OR]
  162. RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
  163. RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
  164. RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
  165. RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
  166. RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
  167. RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
  168. RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
  169. RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
  170. RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>).* [NC,OR]
  171. RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
  172. RewriteCond %{QUERY_STRING} ^.*(execute|exec|sp_executesql|request|select|insert|union|declare|drop|delete|create|alter|update|order|char|set|cast|convert|meta|script|truncate).* [NC]
  173. RewriteRule ^(.*)$ - [F,L]
  174.  
  175. # Deny Access to wp-config.php, bb-config.php, /wp-admin/install.php, all .htaccess files
  176. # php.ini, php5.ini and the WordPress readme.html installation file.
  177. # To allow ONLY yourself access to these files add your current IP address below to the
  178. # Allow from line of code and remove the # sign in front of Allow from to uncomment it
  179. <FilesMatch "^(wp-config\.php|install\.php|\.htaccess|php\.ini|php5\.ini|readme\.html|bb-config\.php)">
  180. Deny from all
  181. # Allow from 11.11.11.11
  182. </FilesMatch>
RAW Paste Data