Directadmin OpenLiteSpeed WordPress Hardening
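###
# File: /usr/local/directadmin/data/templates/custom/cust_openlitespeed.CUSTOM.5.pre
#
# DirectAdmin splices this file into the per-vhost OpenLiteSpeed rewrite block,
# not into a .htaccess. In vhost context the pattern is matched against the
# full request path, which begins with "/", so every rule here is anchored
# with ^/ (the .htaccess form "^wp-includes/" would never match and the rule
# would be dead). Keep new rules consistent with that.
#
# These are blunt stopgaps, not a substitute for keeping WordPress and its
# plugins patched. Only the exact paths listed are blocked, and a site
# installed in a sub-directory (e.g. /blog/xmlrpc.php) is not covered by the
# ^/ anchors.
###

# Refuse direct requests for wp-config.php (and the sample), xmlrpc.php and
# wp-trackback.php. No trailing $ on purpose: /wp-config.php.bak, /xmlrpc.php/x
# and similar are refused as well. NOTE: blocking xmlrpc.php also breaks
# Jetpack, the WordPress mobile apps and pingbacks; drop "xmlrpc" from the
# group if the site relies on any of them.
RewriteRule ^/(wp-config|wp-config-sample|xmlrpc|wp-trackback)\.php - [F,L,NC]

# Stopgap for CVE-2023-40000 (LiteSpeed Cache plugin, cdn_status REST endpoint)
# https://wpscan.com/vulnerability/dd9054cc-1259-427d-a4ad-1875b7b2b3b4/
# Updating the plugin is the real fix; this only closes the endpoint from the
# outside. A single rule without a trailing $ already matches /cdn_status and
# everything below it, so the former two rules were folded into one.
RewriteRule ^/wp-json/litespeed/v1/cdn_status - [F,L,NC]
# WordPress also serves REST routes through the rest_route query parameter
# (/?rest_route=/litespeed/v1/cdn_status, also via /index.php). RewriteRule
# only sees the path, so that form needs its own QUERY_STRING check. The query
# string is matched raw (not URL-decoded), hence the %2F alternatives.
RewriteCond %{QUERY_STRING} rest_route=(/|%2F)?litespeed(/|%2F)v1(/|%2F)cdn_status [NC]
RewriteRule . - [F,L]

# Adapted from WordPress
# https://developer.wordpress.org/advanced-administration/security/hardening/#securing-wp-includes
# The upstream snippet is written for .htaccess (no leading slash) and wraps
# the three rules in a [S=3] skip. Here each rule is anchored with ^/ like the
# rest of this file and is self-contained, so the skip is not needed.
# Upstream warns that the first rule breaks ms-files.php on Multisite;
# remove it on a Multisite install.
RewriteRule ^/wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^/wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^/wp-includes/theme-compat/ - [F,L]

# Plugin paths that only scanner bots request on this host; nothing legitimate
# is served from them, so refuse them outright.
RewriteRule ^/wp-content/plugins/WordPressCore/.*$ - [F,L,NC]
RewriteRule ^/wp-content/plugins/wordpres-wpps/.*$ - [F,L,NC]
RewriteRule ^/wp-content/plugins/wp-cleansong/.*$ - [F,L,NC]
RewriteRule ^/wp-content/plugins/include.php - [F,L,NC]

# Aggressive crawlers that load the server, e.g. MJ12bot (https://mj12bot.com/).
# Left disabled for now: MJ12bot is given a Crawl-Delay: 13 in robots.txt
# instead. If enabled, remember that a User-Agent match is a courtesy filter
# only -- anything hostile simply changes its UA string.
# RewriteCond %{HTTP_USER_AGENT} "MJ12bot|BadBot"
# RewriteRule /(.*)$ - [L,F]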