palimadra · March 26, 2012 10:09
diff --git a/wp-htaccess b/wp-htaccess
 #  WordPress .htaccess file 
 #  Changes have to be made in lines where the domain needs to be added without any prefix like http://www.
 # Description: .htaccess file for WordPress based website
 # Author: Pali Madra
 # URL: http://www.agilewebdev.com
 # Created on: Mon Mar 26 15:37:11 2012
 # Revised on: Mon Mar 26 15:37:26 2012
 # Review the .htaccess file before uploading as you should not have plugins doing the same
 # Many thanks to http://www.josiahcole.com/2007/07/11/almost-perfect-htaccess-file-for-wordpress-blogs/

 #NOTE
 # At times it happens that the images do not show up and if that is the case please remove the hotlinking of
 # images code and upload the htaccess again and the images should work. I have had this problem with some
 # websites and if it continues I will either edit the code or remove it. 


 # limit file uploads to 10mb
 LimitRequestBody 10240000

 # protect the htaccess file
 <Files ~ "^.*\.([Hh][Tt][Aa])">
 order allow,deny
 deny from all
 satisfy all
 </Files>

 # disable the server signature
 ServerSignature Off

 # protect wpconfig.php
 <files wp-config.php>
 order allow,deny
 deny from all
 </files>

 #disable hotlinking of images with forbidden or custom image option
 <IfModule mod_rewrite.c>
 RewriteEngine on
 RewriteCond %{HTTP_REFERER} !^$
 RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)agilewebsitedev.com [NC]
 RewriteCond %{HTTP_REFERER} !^http://(www.)?TrustedDomain.com/.*$ [NC]
 RewriteRule \.(jpg|jpeg|png|gif)$ http://agilewebsitedev.com/images/HotlinkingNotPermitted.gif [NC,R,L]
 </IfModule>

 #custom error docs
 ErrorDocument 404 /notfound.php
 ErrorDocument 403 /forbidden.php
 ErrorDocument 500 /error.php

 # protect from spam comments
 <IfModule mod_rewrite.c>
 RewriteEngine On
 RewriteCond %{REQUEST_METHOD} POST
 RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
 RewriteCond %{HTTP_REFERER} !.*agilewebsitedev.com.* [OR]
 RewriteCond %{HTTP_USER_AGENT} ^$
 RewriteRule (.*) http://%{REMOTE_ADDR}/$ [R=301,L]
 </IfModule>

 # protect the website from script injections
 Options +FollowSymLinks
 RewriteEngine On
 RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
 RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
 RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})
 RewriteRule ^(.*)$ index.php [F,L]

 # Disable Directory Browsing
 Options All -Indexes

 # BEGIN WordPress recommended by the codex on WordPress.org
 <IfModule mod_rewrite.c>
 RewriteEngine On
 RewriteBase /
 RewriteRule ^index\.php$ - [L]
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteRule . /index.php [L]
 </IfModule>
 # END WordPress
	# WordPress .htaccess file
	# Changes have to be made in lines where the domain needs to be added without any prefix like http://www.
	# Description: .htaccess file for WordPress based website
	# Author: Pali Madra
	# URL: http://www.agilewebdev.com
	# Created on: Mon Mar 26 15:37:11 2012
	# Revised on: Mon Mar 26 15:37:26 2012
	# Review the .htaccess file before uploading as you should not have plugins doing the same
	# Many thanks to http://www.josiahcole.com/2007/07/11/almost-perfect-htaccess-file-for-wordpress-blogs/

	#NOTE
	# At times it happens that the images do not show up and if that is the case please remove the hotlinking of
	# images code and upload the htaccess again and the images should work. I have had this problem with some
	# websites and if it continues I will either edit the code or remove it.


	# limit file uploads to 10mb
	LimitRequestBody 10240000

	# protect the htaccess file
	<Files ~ "^.*\.([Hh][Tt][Aa])">
	order allow,deny
	deny from all
	satisfy all
	</Files>

	# disable the server signature
	ServerSignature Off

	# protect wpconfig.php
	<files wp-config.php>
	order allow,deny
	deny from all
	</files>

	#disable hotlinking of images with forbidden or custom image option
	<IfModule mod_rewrite.c>
	RewriteEngine on
	RewriteCond %{HTTP_REFERER} !^$
	RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)agilewebsitedev.com [NC]
	RewriteCond %{HTTP_REFERER} !^http://(www.)?TrustedDomain.com/.*$ [NC]
	RewriteRule \.(jpg\|jpeg\|png\|gif)$ http://agilewebsitedev.com/images/HotlinkingNotPermitted.gif [NC,R,L]
	</IfModule>

	#custom error docs
	ErrorDocument 404 /notfound.php
	ErrorDocument 403 /forbidden.php
	ErrorDocument 500 /error.php

	# protect from spam comments
	<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteCond %{REQUEST_METHOD} POST
	RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
	RewriteCond %{HTTP_REFERER} !.agilewebsitedev.com. [OR]
	RewriteCond %{HTTP_USER_AGENT} ^$
	RewriteRule (.*) http://%{REMOTE_ADDR}/$ [R=301,L]
	</IfModule>

	# protect the website from script injections
	Options +FollowSymLinks
	RewriteEngine On
	RewriteCond %{QUERY_STRING} (<\|%3C).script.(>\|%3E) [NC,OR]
	RewriteCond %{QUERY_STRING} GLOBALS(=\|[\|%[0-9A-Z]{0,2}) [OR]
	RewriteCond %{QUERY_STRING} _REQUEST(=\|[\|%[0-9A-Z]{0,2})
	RewriteRule ^(.*)$ index.php [F,L]

	# Disable Directory Browsing
	Options All -Indexes

	# BEGIN WordPress recommended by the codex on WordPress.org
	<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteBase /
	RewriteRule ^index\.php$ - [L]
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteRule . /index.php [L]
	</IfModule>
	# END WordPress