Custom WordPress Setup
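# Block access to WordPress specific files
# Apache 2.4 dropped the 2.2-era "Order"/"Deny" directives unless the optional
# mod_access_compat module is loaded, so both syntaxes are provided and only
# the one whose module is present takes effect ("Require" needs
# AllowOverride AuthConfig, "Order"/"Deny" need AllowOverride Limit).
# <FilesMatch> matches the basename anywhere below this directory, so the
# debug.log written into the custom content dir ("website/") is covered too.
<FilesMatch "^(\.htaccess|readme\.html|readme\.txt|install\.php|wp-config\.php|debug\.log)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>
# Disable directory browsing
Options -Indexes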
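<IfModule mod_rewrite.c>
RewriteEngine On
# Rules to protect wp-includes
# [S=3] skips the three wp-includes rules that follow for every other path.
RewriteRule ^wp-admin/includes/ - [F]
RewriteRule !^wp-includes/ - [S=3]
RewriteCond %{SCRIPT_FILENAME} !^(.*)wp-includes/ms-files.php
RewriteRule ^wp-includes/[^/]+\.php$ - [F]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
RewriteRule ^wp-includes/theme-compat/ - [F]
# Rules to prevent php execution in uploads
# Left unanchored on purpose so double extensions (x.php.jpg) are refused as
# well. This only works while mod_rewrite is active; an uploads/.htaccess with
# "php_flag engine off" (or a FilesMatch deny) is the layer that does not
# depend on it.
RewriteRule ^(.*)/uploads/(.*).php(.?) - [F]
# Rules to block unneeded HTTP methods
# "TraceEnable off" in the server config is the authoritative TRACE control;
# this rule is a fallback for hosts where that cannot be set.
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ - [F]
# Rules to block suspicious URIs
# These are substring matches on the raw query string and produce false
# positives: a search for "union" or "request", a redirect_to=http... value,
# or any query ending in "=" is refused. The two exemptions at the end key on
# a cookie *name* and a Referer, neither of which is verified here, so treat
# this block as noise reduction rather than an authorization boundary.
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} ^.*\.(bash|git|hg|log|svn|swp|cvs) [NC,OR]
RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
# The "ê" in the next line looks like a mis-encoded character inherited from
# the list this was copied from; it only matches that literal byte sequence.
# Confirm against the upstream source before relying on it.
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(&#x22;|&#x27;|&#x3C;|&#x3E;|&#x5C;|&#x7B;|&#x7C;).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|concat|insert|union|declare).* [NC]
# The OR-chain ends above; the conditions below are ANDed with its result.
RewriteCond %{QUERY_STRING} !^loggedout=true
RewriteCond %{QUERY_STRING} !^action=rp
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
# https? so the exemption also applies to referrals over TLS.
RewriteCond %{HTTP_REFERER} !^https?://maps\.googleapis\.com(.*)$
RewriteRule ^(.*)$ - [F]
# Rules to block foreign characters in URLs
# Refuses any percent-encoded byte whose first hex digit is 0 or A-F, which
# includes every UTF-8 encoded non-ASCII character; unsuitable for sites that
# receive non-English search terms or permalinks.
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F).* [NC]
RewriteRule ^(.*)$ - [F]
# Rules to help reduce spam
# Refuse a comment POST that is not referred from this site when it is also
# either not referred from Jetpack or carries no User-Agent. Replace
# website\.com with this site's host (dots escaped).
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} ^(.*)wp-comments-post\.php
RewriteCond %{HTTP_REFERER} !^(.*)website\.com.*
RewriteCond %{HTTP_REFERER} !^https?://jetpack\.wordpress\.com/jetpack-comment/ [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule ^(.*)$ - [F]
</IfModule>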
# WordPress
# Standard WordPress front controller: requests for existing files and
# directories are served as-is, everything else is routed to index.php.
# Keep this block after the hardening rules so the [F] refusals above are
# evaluated against the original request before it is rewritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
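# robots.txt
# Advisory only: crawlers may ignore it and it is world-readable, so it is
# not an access control (the .htaccess rules above are). admin-ajax.php is
# called from the front end by themes and plugins, so it is allowed
# explicitly, matching what WordPress itself emits for a virtual robots.txt.
User-agent: *
Disallow: /wp-admin/
Allow: /wp-admin/admin-ajax.php
Disallow: /wp-includes/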
<?php
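/**
 * WordPress Setup
 *
 * @package WordPress
 */
/**
 * Move wp-content dir.
 *
 * WP_CONTENT_DIR is resolved relative to this file, so the custom content
 * directory must sit next to wp-config.php. WP_CONTENT_URL is derived from
 * the request: the scheme follows the HTTPS server variable so asset URLs are
 * not mixed content on TLS, and the host comes from SERVER_NAME, which Apache
 * takes from the Host header unless UseCanonicalName is On. Pin a fixed host
 * here if generated URLs must not depend on the incoming request.
 */
$content_dir = 'website';
define( 'WP_CONTENT_DIR', __DIR__ . '/' . $content_dir );
define( 'WP_CONTENT_URL', ( ! empty( $_SERVER['HTTPS'] ) && 'off' !== $_SERVER['HTTPS'] ? 'https' : 'http' ) . '://' . ( isset( $_SERVER['SERVER_NAME'] ) ? $_SERVER['SERVER_NAME'] : '' ) . '/' . $content_dir );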
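/** MySQL database. */
define('DB_NAME', 'database');
/** MySQL database username. */
define('DB_USER', 'username');
/** MySQL database password (placeholder; replace before use). This credential is why .htaccess denies wp-config.php. */
define('DB_PASSWORD', 'password');
/** MySQL hostname. */
define('DB_HOST', 'localhost');
/** MySQL database table prefix. */
$table_prefix = 'wp_';
/**
 * MySQL charset to use in creating database tables.
 *
 * utf8mb4 is required for 4-byte characters (emoji); with plain utf8 those
 * inserts fail or are truncated. WordPress downgrades to utf8 on servers that
 * do not support utf8mb4, so this is safe to set unconditionally.
 */
define('DB_CHARSET', 'utf8mb4');
/** MySQL collate type. */
define('DB_COLLATE', '');
/**
 * Authentication unique keys and salts: https://api.wordpress.org/secret-key/1.1/salt/
 *
 * Left empty, WordPress falls back to salts stored in the database options,
 * so cookie signing is only as secret as the database. Paste the generated
 * set from the URL above; changing them invalidates all existing logins.
 */
define('AUTH_KEY', '');
define('SECURE_AUTH_KEY', '');
define('LOGGED_IN_KEY', '');
define('NONCE_KEY', '');
define('AUTH_SALT', '');
define('SECURE_AUTH_SALT', '');
define('LOGGED_IN_SALT', '');
define('NONCE_SALT', '');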
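/** WordPress localized language. */
define( 'WPLANG', '' );
/** Increase PHP memory limit. */
define( 'WP_MEMORY_LIMIT', '128M' );
/**
 * Debug settings.
 *
 * Defined before the compression settings because CONCATENATE_SCRIPTS is
 * derived from WP_DEBUG. This is a development profile: WP_DEBUG_DISPLAY and
 * display_errors print notices, including file paths, into responses, and
 * SAVEQUERIES keeps every query in memory for the request. Set WP_DEBUG to
 * false on a public site. WP_DEBUG_LOG writes debug.log into the content dir
 * ("website/"), which the .htaccess above denies to HTTP clients.
 */
define( 'WP_DEBUG', true );
if ( WP_DEBUG ) :
	define( 'SAVEQUERIES', true );
	define( 'SCRIPT_DEBUG', true );
	define( 'WP_DEBUG_LOG', true );
	define( 'WP_DEBUG_DISPLAY', true );
	ini_set( 'display_errors', 1 );
endif;
/**
 * Enable compression.
 *
 * A constant can only be defined once: the previous layout defined
 * CONCATENATE_SCRIPTS as true and then tried to redefine it as false inside
 * the debug block, which emitted a warning and left it true. It is now
 * computed from WP_DEBUG in a single define().
 */
define( 'COMPRESS_CSS', true );
define( 'COMPRESS_SCRIPTS', true );
define( 'CONCATENATE_SCRIPTS', ! WP_DEBUG );
define( 'ENFORCE_GZIP', true );
/** Limit number of post revisions. */
define( 'WP_POST_REVISIONS', 3 );
/** Disable auto core updates. */
// define( 'AUTOMATIC_UPDATER_DISABLED', true );
/** Disable the file editor (theme/plugin editor in wp-admin). */
define( 'DISALLOW_FILE_EDIT', true );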
/** Absolute path to the WordPress directory (this file's directory, trailing slash kept). */
if ( ! defined( 'ABSPATH' ) ) {
	define( 'ABSPATH', __DIR__ . '/' );
}
/** Sets up WordPress vars and included files; must stay the last statement. */
require_once ABSPATH . 'wp-settings.php';