cabans · June 8, 2022 12:47
diff --git a/.htaccess b/.htaccess
 # BEGIN WordPress
 <IfModule mod_rewrite.c>
 RewriteEngine On
 RewriteBase /
 RewriteRule ^index\.php$ - [L]
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteRule . /index.php [L]
 </IfModule>

 # END WordPress

 # Stop spam attack logins and comments
 <IfModule mod_rewrite.c>
 	RewriteEngine On
 	RewriteCond %{REQUEST_METHOD} POST
 	RewriteCond %{REQUEST_URI} .(wp-comments-post|wp-login)\.php*
 	RewriteCond %{HTTP_REFERER} !.*example.com.* [OR]
 	RewriteCond %{HTTP_USER_AGENT} ^$
 	RewriteRule (.*) http://%{REMOTE_ADDR}/$1 [R=301,L]
 </ifModule>

 # disable directory browsing
 Options All -Indexes

 # Enable keep-alive
 <ifModule mod_headers.c>
 Header set Connection keep-alive
 </ifModule>

 # Block the include-only files.
 <IfModule mod_rewrite.c>
 RewriteEngine On
 RewriteBase /
 RewriteRule ^wp-admin/includes/ - [F,L]
 RewriteRule !^wp-includes/ - [S=3]
 RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
 RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
 RewriteRule ^wp-includes/theme-compat/ - [F,L]
 </IfModule>

 # Cache Expiration
 <IfModule mod_expires.c>
 ExpiresActive On
 ExpiresByType image/jpg "access 1 year"
 ExpiresByType image/jpeg "access 1 year"
 ExpiresByType image/gif "access 1 year"
 ExpiresByType image/png "access 1 year"
 ExpiresByType text/css "access 1 month"
 ExpiresByType application/pdf "access 1 month"
 ExpiresByType text/x-javascript "access 1 month"
 ExpiresByType application/x-shockwave-flash "access 1 month"
 ExpiresByType image/x-icon "access 1 year"
 ExpiresDefault "access 2 days"
 </IfModule>

 # Compression
 <IfModule mod_deflate.c>
 SetOutputFilter DEFLATE
 AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/javascript application/x-javascript application/x-httpd-php application/rss+xml application/atom_xml text/javascript

 # SVG Support
 AddType image/svg+xml svg svgz
 AddOutputFilterByType DEFLATE image/svg+xml

 BrowserMatch ^Mozilla/4 gzip-only-text/html
 BrowserMatch ^Mozilla/4\.0[678] no-gzip
 BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
 SetEnvIfNoCase Request_URI \
 \.(?:bmp|gif|ico|svg|tif|tiff|jpe?g|png)$ no-gzip dont-vary
 Header append Vary User-Agent env=!dont-vary
 </IfModule>

 # Blocking .htaccess
 <files ~ "^.*\.([Hh][Tt][Aa])">
 order allow,deny
 deny from all
 satisfy all
 </files>

 # Blocking wp-config.php
 <files wp-config.php>
 order allow,deny
 deny from all
 </files>

 # Blocking access to swfupload.swf
 <files swfupload.swf>
 order allow,deny
 deny from all
 </files>

 # Block XML RPC
 <IfModule mod_alias.c>
 RedirectMatch 403 /(.*)/xmlrpc\.php$
 </IfModule>
	# BEGIN WordPress
	<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteBase /
	RewriteRule ^index\.php$ - [L]
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteRule . /index.php [L]
	</IfModule>

	# END WordPress

	# Stop spam attack logins and comments
	<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteCond %{REQUEST_METHOD} POST
	RewriteCond %{REQUEST_URI} .(wp-comments-post\|wp-login)\.php*
	RewriteCond %{HTTP_REFERER} !.example.com. [OR]
	RewriteCond %{HTTP_USER_AGENT} ^$
	RewriteRule (.*) http://%{REMOTE_ADDR}/$1 [R=301,L]
	</ifModule>

	# disable directory browsing
	Options All -Indexes

	# Enable keep-alive
	<ifModule mod_headers.c>
	Header set Connection keep-alive
	</ifModule>

	# Block the include-only files.
	<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteBase /
	RewriteRule ^wp-admin/includes/ - [F,L]
	RewriteRule !^wp-includes/ - [S=3]
	RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
	RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
	RewriteRule ^wp-includes/theme-compat/ - [F,L]
	</IfModule>

	# Cache Expiration
	<IfModule mod_expires.c>
	ExpiresActive On
	ExpiresByType image/jpg "access 1 year"
	ExpiresByType image/jpeg "access 1 year"
	ExpiresByType image/gif "access 1 year"
	ExpiresByType image/png "access 1 year"
	ExpiresByType text/css "access 1 month"
	ExpiresByType application/pdf "access 1 month"
	ExpiresByType text/x-javascript "access 1 month"
	ExpiresByType application/x-shockwave-flash "access 1 month"
	ExpiresByType image/x-icon "access 1 year"
	ExpiresDefault "access 2 days"
	</IfModule>

	# Compression
	<IfModule mod_deflate.c>
	SetOutputFilter DEFLATE
	AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/javascript application/x-javascript application/x-httpd-php application/rss+xml application/atom_xml text/javascript

	# SVG Support
	AddType image/svg+xml svg svgz
	AddOutputFilterByType DEFLATE image/svg+xml

	BrowserMatch ^Mozilla/4 gzip-only-text/html
	BrowserMatch ^Mozilla/4\.0[678] no-gzip
	BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
	SetEnvIfNoCase Request_URI \
	\.(?:bmp\|gif\|ico\|svg\|tif\|tiff\|jpe?g\|png)$ no-gzip dont-vary
	Header append Vary User-Agent env=!dont-vary
	</IfModule>

	# Blocking .htaccess
	<files ~ "^.*\.([Hh][Tt][Aa])">
	order allow,deny
	deny from all
	satisfy all
	</files>

	# Blocking wp-config.php
	<files wp-config.php>
	order allow,deny
	deny from all
	</files>

	# Blocking access to swfupload.swf
	<files swfupload.swf>
	order allow,deny
	deny from all
	</files>

	# Block XML RPC
	<IfModule mod_alias.c>
	RedirectMatch 403 /(.*)/xmlrpc\.php$
	</IfModule>