Mike Waller
asked on
wordpress security
Hi there. i am trying to secure down my wordpress site. In my .htaccess file I have:
In my wp-config.php file I have:
I've commented out most things in the .htaccess file because I'm sure if I need them. Please let me know. Or if you know of a good plugin that will generate a safe .htaccess file for my site. Thanks!
# protect the htaccess file
<files .htaccess>
order allow,deny
deny from all
</files>
# protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all
</files>
# disable the server signature
ServerSignature Off
# limit file uploads to 100mb
LimitRequestBody 102400000
#who has access and who doesnt
#<Limit GET POST PUT>
#order allow,deny
#allow from all
#deny from xx.xx.xx.xx
#</LIMIT>
# Allow only my IP adress on the wp-admin directory
#AuthUserFile /dev/null
#AuthGroupFile /dev/null
#AuthName "Example Access Control"
#AuthType Basic
#<LIMIT GET>
#order deny,allow
#deny from all
#allow from xx.xx.xx.xx
#</LIMIT>
# disable/prevent directory browsing
#Options All –Indexes
#RedirectMatch 301 /([0-9]+)/([0-9]+)/([0-9]+)/(.*)$ http://www.domain.com/$4
#RewriteRule ^category/(.+)$ http://www.domain.com/$1 [R=301,L]
# temp redirect wordpress content feeds to feedburner
#<IfModule mod_rewrite.c>
#RewriteEngine on
#RewriteCond %{HTTP_USER_AGENT} !FeedBurner [NC]
#RewriteCond %{HTTP_USER_AGENT} !FeedValidator [NC]
#RewriteRule ^feed/?([_0-9a-z-]+)?/?$ http://feeds2.feedburner.com/catswhocode [R=302,NC,L]
#</IfModule>
#block referring domains
#RewriteEngine on
#RewriteCond %{HTTP_REFERER} digg.com [NC]
#RewriteRule .* – [F]
#RewriteEngine On
#Replace ?mysite.com/ with your blog url
#RewriteCond %{HTTP_REFERER} !^http://(.+.)?mysite.com/ [NC]
#RewriteCond %{HTTP_REFERER} !^$
#Replace /images/nohotlink.jpg with your "don't hotlink" image url
#RewriteRule .*.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]
# set the canonical url
#RewriteEngine On
#RewriteCond %{HTTP_HOST} ^http://yourdomain.com$ [NC]
#RewriteRule ^(.*)$ http://www.yourdomain.com/$1 [R=301,L]
# protect from spam or post comments
#RewriteEngine On
#RewriteCond %{REQUEST_METHOD} POST
#RewriteCond %{REQUEST_URI} .wp-comments-post.php*
#RewriteCond %{HTTP_REFERER} !.*yourdomain.com.* [OR]
#RewriteCond %{HTTP_USER_AGENT} ^$
#RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]
# protect maintenance page
#RewriteEngine on
#RewriteCond %{REQUEST_URI} !/maintenance.html$
#RewriteCond %{REMOTE_ADDR} !^xx.xx.xx.xx
#RewriteRule $ /maintenance.html [R=302,L]
# Set the Time Zone of the Server
SetEnv TZ America/Denver
# Compress static data
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/javascript text/css application/x-javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch bMSIE !no-gzip !gzip-only-text/html
# Forcing the use of browser cache
FileETag MTime Size
<ifmodule mod_expires.c>
<filesmatch ".(jpg|gif|png|css|js)$">
ExpiresActive on
ExpiresDefault "access plus 1 year"
</filesmatch>
</ifmodule>
# Protect WordPress Blog From Script Injections
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
In my wp-config.php file I have:
define('DISALLOW_FILE_EDIT',true);
define('DISALLOW_FILE_MODS',true);
define('FS_METHOD', 'ftpext');
I've commented out most things in the .htaccess file because I'm sure if I need them. Please let me know. Or if you know of a good plugin that will generate a safe .htaccess file for my site. Thanks!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER