Webmaster Security

Security .htaccess file

Submitted by zackster, , Thread ID: 174509

Thread Closed
16-06-2020, 09:53 PM
#1
Here is the .htaccess file I sometimes use to secure a website and optimize it:

# Force HTTPS
RewriteEngine ON
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

# Switch off server signature
ServerSignature Off

# Switch off directory listing
Options -Indexes

# Compress text, html...
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE application/html
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
</IfModule>

# Block Wordpress sensitive directories and files
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

# Protect .htaccess
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>

# Set cache control
<FilesMatch "\.(ico|png|jpeg|svg|ttf)$">
Header Set Cache-Control "max-age=604800, public"
</FilesMatch>

Users browsing this thread: 2 Guest(s)