cod3cow · December 1, 2023 09:48
diff --git a/.htaccess b/.htaccess
 # Redirect http to https
 <IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteCond %{HTTPS} !=on
  RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
 </IfModule>

 # Browser Caching
 <IfModule mod_expires.c>
  ExpiresActive On
  ExpiresDefault "access 5 seconds"
  ExpiresByType image/jpg "access 1 month"
  ExpiresByType image/jpeg "access 1 month"
  ExpiresByType image/gif "access 1 month"
  ExpiresByType image/png "access 1 month"
  ExpiresByType image/ico "access 1 month"
  ExpiresByType image/x-icon "access 1 month"
  ExpiresByType text/css "access plus 1 day"
  ExpiresByType text/javascript "access 1 month"
  ExpiresByType application/javascript "access 1 month"
  ExpiresByType application/x-javascript "access 1 month"
  ExpiresByType application/x-shockwave-flash "access 1 month"
 </IfModule>

 # Alternative Caching
 <IfModule mod_headers.c>
  Header append Cache-Control "public"
  Header append Vary Accept-Encoding
  Header set Connection keep-alive
  Header unset ETag
  FileETag None
 </IfModule>

 # gzip compression
 <IfModule mod_deflate.c>
  SetOutputFilter DEFLATE
 </IfModule>

 # No access to install.php
 <files install.php>
  Order allow,deny
  Deny from all
 </files>

 # No access to wp-config.php 
 <files wp-config.php>
  Order allow,deny
  Deny from all
 </files>

 # No access to .htaccess and .htpasswd
 <FilesMatch "(\.htaccess|\.htpasswd)">
  Order deny,allow
  Deny from all
 </FilesMatch>

 # BEGIN WordPress
 # The directives (lines) between "BEGIN WordPress" and "END WordPress" are
 # dynamically generated, and should only be modified via WordPress filters.
 # Any changes to the directives between these markers will be overwritten.
 <IfModule mod_rewrite.c>
 RewriteEngine On
 RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
 RewriteBase /
 RewriteRule ^index\.php$ - [L]
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteRule . /index.php [L]
 </IfModule>
	# Redirect http to https
	<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteCond %{HTTPS} !=on
	RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
	</IfModule>

	# Browser Caching
	<IfModule mod_expires.c>
	ExpiresActive On
	ExpiresDefault "access 5 seconds"
	ExpiresByType image/jpg "access 1 month"
	ExpiresByType image/jpeg "access 1 month"
	ExpiresByType image/gif "access 1 month"
	ExpiresByType image/png "access 1 month"
	ExpiresByType image/ico "access 1 month"
	ExpiresByType image/x-icon "access 1 month"
	ExpiresByType text/css "access plus 1 day"
	ExpiresByType text/javascript "access 1 month"
	ExpiresByType application/javascript "access 1 month"
	ExpiresByType application/x-javascript "access 1 month"
	ExpiresByType application/x-shockwave-flash "access 1 month"
	</IfModule>

	# Alternative Caching
	<IfModule mod_headers.c>
	Header append Cache-Control "public"
	Header append Vary Accept-Encoding
	Header set Connection keep-alive
	Header unset ETag
	FileETag None
	</IfModule>

	# gzip compression
	<IfModule mod_deflate.c>
	SetOutputFilter DEFLATE
	</IfModule>

	# No access to install.php
	<files install.php>
	Order allow,deny
	Deny from all
	</files>

	# No access to wp-config.php
	<files wp-config.php>
	Order allow,deny
	Deny from all
	</files>

	# No access to .htaccess and .htpasswd
	<FilesMatch "(\.htaccess\|\.htpasswd)">
	Order deny,allow
	Deny from all
	</FilesMatch>

	# BEGIN WordPress
	# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
	# dynamically generated, and should only be modified via WordPress filters.
	# Any changes to the directives between these markers will be overwritten.
	<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
	RewriteBase /
	RewriteRule ^index\.php$ - [L]
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteRule . /index.php [L]
	</IfModule>