obviousdisaster · February 24, 2024 14:09
diff --git a/.htaccess b/.htaccess
 # force http to https
 RewriteEngine On
 RewriteCond %{HTTPS} !=on
 RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]

 # disable directory listing
 Options -Indexes +FollowSymLinks -MultiViews

 # turn off Apache version
 ServerSignature Off

 # clickjacking protection
 <IfModule mod_headers.c>
 	Header set Content-Security-Policy "frame-ancestors 'none';"
 	Header set X-Frame-Options "sameorigin"
 	Header set X-XSS-Protection "1; mode=block"
 	Header set X-Content-Type-Options nosniff
 	Header set Referrer-Policy "same-origin"
 	Header unset Vary
 </IfModule>

 # better search url
 RewriteCond %{QUERY_STRING} \\?s=([^&]+) [NC]
 RewriteRule ^$ /search/%1/? [NC,R,L]

 # protect wpconfig
 <files wp-config.php>
 	Order deny,allow
 	deny from all
 </files>

 # Blocks some XSS attacks
 <IfModule mod_rewrite.c>
 	RewriteCond %{QUERY_STRING} (\|%3E) [NC,OR]
 	RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
 	RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
 	RewriteRule .* index.php [F,L]
 </IfModule>

 # secure htaccess file
 <Files .htaccess>
 	order allow,deny
 	deny from all
 </Files>

 # secure other files
 <FilesMatch "wp-config\.php|error_log|readme\.html|license\.txt|wp-config-sample\.php">
 	order allow,deny
 	deny from all
 </FilesMatch>

 # Block WordPress Author Scans
 <IfModule mod_rewrite.c>
 	RewriteEngine On
 	RewriteBase /
 	RewriteCond %{QUERY_STRING} (author=\d+) [NC]
 	RewriteRule ^ - [NC,F,L]
 </IfModule>

 # BEGIN WordPress

 RewriteEngine On
 RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
 RewriteBase /
 RewriteRule ^index\.php$ - [L]
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteRule . /index.php [L]

 # END WordPress
	# force http to https
	RewriteEngine On
	RewriteCond %{HTTPS} !=on
	RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]

	# disable directory listing
	Options -Indexes +FollowSymLinks -MultiViews

	# turn off Apache version
	ServerSignature Off

	# clickjacking protection
	<IfModule mod_headers.c>
	Header set Content-Security-Policy "frame-ancestors 'none';"
	Header set X-Frame-Options "sameorigin"
	Header set X-XSS-Protection "1; mode=block"
	Header set X-Content-Type-Options nosniff
	Header set Referrer-Policy "same-origin"
	Header unset Vary
	</IfModule>

	# better search url
	RewriteCond %{QUERY_STRING} \\?s=([^&]+) [NC]
	RewriteRule ^$ /search/%1/? [NC,R,L]

	# protect wpconfig
	<files wp-config.php>
	Order deny,allow
	deny from all
	</files>

	# Blocks some XSS attacks
	<IfModule mod_rewrite.c>
	RewriteCond %{QUERY_STRING} (\\|%3E) [NC,OR]
	RewriteCond %{QUERY_STRING} GLOBALS(=\|\[\|\%[0-9A-Z]{0,2}) [OR]
	RewriteCond %{QUERY_STRING} _REQUEST(=\|\[\|\%[0-9A-Z]{0,2})
	RewriteRule .* index.php [F,L]
	</IfModule>

	# secure htaccess file
	<Files .htaccess>
	order allow,deny
	deny from all
	</Files>

	# secure other files
	<FilesMatch "wp-config\.php\|error_log\|readme\.html\|license\.txt\|wp-config-sample\.php">
	order allow,deny
	deny from all
	</FilesMatch>

	# Block WordPress Author Scans
	<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteBase /
	RewriteCond %{QUERY_STRING} (author=\d+) [NC]
	RewriteRule ^ - [NC,F,L]
	</IfModule>

	# BEGIN WordPress

	RewriteEngine On
	RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
	RewriteBase /
	RewriteRule ^index\.php$ - [L]
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteRule . /index.php [L]

	# END WordPress