nielslange · March 21, 2018 19:29
diff --git a/.htaccess b/.htaccess
 # Enable .htpasswd authentication
 # <If "%{HTTP_HOST} != 'dev'">
 # AuthType Basic
 # AuthName "Login to dashboard"
 # AuthUserFile /path/to/.htpasswd
 # Require valid-user
 # </If>

 # Deny access to all .htaccess files
 <files ~ "^.*\.([Hh][Tt][Aa])">
 order allow,deny
 deny from all
 satisfy all
 </files>

 # Deny access to wp-config.php file
 <files wp-config.php>
 order allow,deny
 deny from all
 </files>

 # Disable directory browsing
 Options ALL -Indexes

 # Disable access to all file types except the following
 Order deny,allow
 Deny from all
 <Files ~ ".(xml|css|js|jpe?g|png|gif|pdf|docx|rtf|odf|zip|rar)$">
 Allow from all
 </Files>

 # Block wp-includes folder and files
 <IfModule mod_rewrite.c>
 RewriteEngine On
 RewriteBase /
 RewriteRule ^wp-admin/includes/ - [F,L]
 RewriteRule !^wp-includes/ - [S=3]
 RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
 RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
 RewriteRule ^wp-includes/theme-compat/ - [F,L]
 </IfModule>

 # Prevent image hotlinking script. Replace last URL with any image link you want.
 # <IfModule mod_rewrite.c>
 # RewriteEngine on
 # RewriteCond %{HTTP_REFERER} !^$
 # RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourwebsite.com [NC]
 # RewriteRule \.(jpg|jpeg|png|gif)$ http://i.imgur.com/MlQAH71.jpg [NC,R,L]
 # </IfModule>

 # Setup browser caching
 <IfModule mod_expires.c>
 ExpiresActive On
 ExpiresByType image/jpg "access 1 year"
 ExpiresByType image/jpeg "access 1 year"
 ExpiresByType image/gif "access 1 year"
 ExpiresByType image/png "access 1 year"
 ExpiresByType text/css "access 1 month"
 ExpiresByType application/pdf "access 1 month"
 ExpiresByType text/x-javascript "access 1 month"
 ExpiresByType application/x-shockwave-flash "access 1 month"
 ExpiresByType image/x-icon "access 1 year"
 ExpiresDefault "access 2 days"
 </IfModule>

 # Restrict PHP file execution
 # <Directory "/var/www/wp-content/uploads/">
 # <Files "*.php">
 # Order Deny,Allow
 # Deny from All
 # </Files>
 # </Directory>

 # Protect site against script injections
 Options +FollowSymLinks
 <IfModule mod_rewrite.c>
 RewriteEngine On
 RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
 RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
 RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})
 RewriteRule ^(.*)$ index.php [F,L]
 </IfModule>

 # Prevent username execution
 RewriteCond %{QUERY_STRING} author=d
 RewriteRule ^ /? [L,R=301]

 # Require SSL
 # SSLOptions +StrictRequire
 # SSLRequireSSL
 # SSLRequire %{HTTP_HOST} eq "www.you-site.com"
 # ErrorDocument 403 https://www.your-site.com
	# Enable .htpasswd authentication
	# <If "%{HTTP_HOST} != 'dev'">
	# AuthType Basic
	# AuthName "Login to dashboard"
	# AuthUserFile /path/to/.htpasswd
	# Require valid-user
	# </If>

	# Deny access to all .htaccess files
	<files ~ "^.*\.([Hh][Tt][Aa])">
	order allow,deny
	deny from all
	satisfy all
	</files>

	# Deny access to wp-config.php file
	<files wp-config.php>
	order allow,deny
	deny from all
	</files>

	# Disable directory browsing
	Options ALL -Indexes

	# Disable access to all file types except the following
	Order deny,allow
	Deny from all
	<Files ~ ".(xml\|css\|js\|jpe?g\|png\|gif\|pdf\|docx\|rtf\|odf\|zip\|rar)$">
	Allow from all
	</Files>

	# Block wp-includes folder and files
	<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteBase /
	RewriteRule ^wp-admin/includes/ - [F,L]
	RewriteRule !^wp-includes/ - [S=3]
	RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
	RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
	RewriteRule ^wp-includes/theme-compat/ - [F,L]
	</IfModule>

	# Prevent image hotlinking script. Replace last URL with any image link you want.
	# <IfModule mod_rewrite.c>
	# RewriteEngine on
	# RewriteCond %{HTTP_REFERER} !^$
	# RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourwebsite.com [NC]
	# RewriteRule \.(jpg\|jpeg\|png\|gif)$ http://i.imgur.com/MlQAH71.jpg [NC,R,L]
	# </IfModule>

	# Setup browser caching
	<IfModule mod_expires.c>
	ExpiresActive On
	ExpiresByType image/jpg "access 1 year"
	ExpiresByType image/jpeg "access 1 year"
	ExpiresByType image/gif "access 1 year"
	ExpiresByType image/png "access 1 year"
	ExpiresByType text/css "access 1 month"
	ExpiresByType application/pdf "access 1 month"
	ExpiresByType text/x-javascript "access 1 month"
	ExpiresByType application/x-shockwave-flash "access 1 month"
	ExpiresByType image/x-icon "access 1 year"
	ExpiresDefault "access 2 days"
	</IfModule>

	# Restrict PHP file execution
	# <Directory "/var/www/wp-content/uploads/">
	# <Files "*.php">
	# Order Deny,Allow
	# Deny from All
	# </Files>
	# </Directory>

	# Protect site against script injections
	Options +FollowSymLinks
	<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteCond %{QUERY_STRING} (<\|%3C).script.(>\|%3E) [NC,OR]
	RewriteCond %{QUERY_STRING} GLOBALS(=\|[\|%[0-9A-Z]{0,2}) [OR]
	RewriteCond %{QUERY_STRING} _REQUEST(=\|[\|%[0-9A-Z]{0,2})
	RewriteRule ^(.*)$ index.php [F,L]
	</IfModule>

	# Prevent username execution
	RewriteCond %{QUERY_STRING} author=d
	RewriteRule ^ /? [L,R=301]

	# Require SSL
	# SSLOptions +StrictRequire
	# SSLRequireSSL
	# SSLRequire %{HTTP_HOST} eq "www.you-site.com"
	# ErrorDocument 403 https://www.your-site.com