Webmaster Security

Security .htaccess file

Submitted by zackster, , Thread ID: 174509

Thread Closed
zackster
Lurker
Level:
0
Reputation:
0
Posts:
4
Likes:
1
Credits:
6
16-06-2020, 09:53 PM
#1
Here is the .htaccess file I sometimes use to secure a website and optimize it:

# Force HTTPS
RewriteEngine ON
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

# Switch off server signature
ServerSignature Off

# Switch off directory listing
Options -Indexes

# Compress text, html...
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE application/html
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
</IfModule>

# Block Wordpress sensitive directories and files
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

# Protect .htaccess
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>

# Set cache control
<FilesMatch "\.(ico|png|jpeg|svg|ttf)$">
Header Set Cache-Control "max-age=604800, public"
</FilesMatch>

RE: Security .htaccess file

luster
Lurker
Level:
0
Reputation:
0
Posts:
1
Likes:
0
Credits:
1
04-07-2020, 07:21 AM
#2
many thanks for sharing this .htaccess config ...............

RE: Security .htaccess file

bahattab
Lurker
Level:
0
Reputation:
0
Posts:
1
Likes:
0
Credits:
1
10-08-2020, 09:22 PM
#4
thanks for your sharing this .htaccess config it is great post Smile

RE: Security .htaccess file

QuinNull
Junior Member
Prime
Level:
0
Reputation:
0
Posts:
59
Likes:
5
Credits:
29
21-08-2020, 02:21 AM
#5
16-06-2020, 09:53 PM
zackster Wrote:
# Block Wordpress sensitive directories and files
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

What exactly does this section do? Is it redirecting you back to the Wordpress homepage?
QuinNull

Users browsing this thread: 1 Guest(s)