WordPress Security .htaccess
ref:
https://www.elegantthemes.com/blog/tips-tricks/wordpress-htaccess-tips-and-tricks
# ========================================================================
# ====================== PROTECT WP-CONFIG.PHP ===========================
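# Refuse every HTTP request for wp-config.php, which holds the database
# credentials and the authentication keys and salts.
<Files "wp-config.php">
    # Apache 2.4 and later: authorization is handled by mod_authz_core.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback. On 2.4 the Order/Deny directives exist only when
    # mod_access_compat is loaded; without it they produce a 500 error.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>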
# ========================================================================
# ====================== PROTECT HTACCESS ================================
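# Refuse HTTP access to Apache's per-directory control files.
# The pattern matches any file name containing ".hta" or ".htp" in any letter
# case, so .htpasswd (password hashes) is covered as well as .htaccess.
# A pattern limited to ".hta" leaves .htpasswd dependent on the server-wide
# default, which should not be relied on.
<FilesMatch "\.[Hh][Tt][AaPp]">
    # Apache 2.4 and later.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback (needs mod_access_compat on 2.4).
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
        # Both the host rule above and any authentication rule must pass.
        Satisfy all
    </IfModule>
</FilesMatch>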
# ========================================================================
# ========================= PROTECT /WP-CONTENT ==========================
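Upload this as a separate .htaccess file to the main wp-content directory, i.e. www.yourwebsite.com/wp-content/. Doing this will allow media files to be uploaded including XML, CSS, JPG, JPEG, PNG, GIF, and JavaScript. All other file types will be denied. Note that the rules act on what Apache will serve from wp-content over HTTP: any file type a theme or plugin loads directly from the browser that is not in the list (web fonts or SVG, for example) will be blocked too, so test the site after deploying.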
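# Place in wp-content/.htaccess. Everything under this directory is denied by
# default; only the static asset types listed in the pattern are served.
# The leading dot is escaped so that only a real file extension matches. An
# unescaped "." matches any character and would also let through names such
# as "notes-js". The match is case-sensitive, so "PHOTO.JPG" stays denied.

# Apache 2.4 and later.
<IfModule mod_authz_core.c>
    Require all denied
    <FilesMatch "\.(xml|css|jpe?g|png|gif|js)$">
        Require all granted
    </FilesMatch>
</IfModule>

# Apache 2.2 fallback (needs mod_access_compat on 2.4).
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    <FilesMatch "\.(xml|css|jpe?g|png|gif|js)$">
        Allow from all
    </FilesMatch>
</IfModule>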
# ========================================================================
# ======================= PROTECT /WP-INCLUDES ===========================
# Block the include-only files.
# Return 403 for direct requests to PHP files that WordPress only ever loads
# through include/require. The whole block is ignored when mod_rewrite is not
# loaded, so confirm the module is enabled or the protection is silently absent.
# Patterns carry no leading slash: in .htaccess they are matched against the
# path relative to the directory holding this file.
# NOTE(review): RewriteBase / suggests WordPress sits in the web root; confirm.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# [F] answers 403 Forbidden; [L] stops processing further rules.
RewriteRule ^wp-admin/includes/ - [F,L]
# Any request NOT under wp-includes/ skips the next three rules ([S=3]).
# Keep exactly three rules below this line, in this order, or update the count.
RewriteRule !^wp-includes/ - [S=3]
# PHP files directly inside wp-includes/ (no sub-directory in the path).
# NOTE(review): this also matches wp-includes/ms-files.php; check multisite
# installs that still serve uploads through that file before deploying.
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
# PHP files under the TinyMCE language directory.
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
# Everything under the theme-compat directory.
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
Upload this new .htaccess file to your website’s /wp-admin/ folder, i.e. www.yourwebsite.com/wp-admin/.
Restrict access to the admin area: this will allow you to access your WordPress admin area, but will block everyone else.
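# Limit the admin area by client IP (this file goes in wp-admin/.htaccess).
# Replace 12.34.56.78 with your own address.
#
# The rules are intentionally not wrapped in <Limit GET POST PUT>: <Limit>
# applies access control only to the methods it lists and leaves every other
# HTTP method unrestricted.
#
# Coverage notes:
#  - wp-login.php lives in the WordPress root, not in wp-admin/, so this file
#    does not restrict the login form itself.
#  - wp-admin/admin-ajax.php is also called by front-end theme and plugin code;
#    NOTE(review): check whether visitors need it before deploying.
#  - Behind a reverse proxy or CDN the address Apache sees may be the proxy's;
#    NOTE(review): confirm which address reaches this server.

# Apache 2.4 and later.
<IfModule mod_authz_core.c>
    Require ip 12.34.56.78
</IfModule>

# Apache 2.2 fallback (needs mod_access_compat on 2.4).
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    Allow from 12.34.56.78
</IfModule>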
Disable Directory Browsing
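# Disable directory browsing.
# Only "-Indexes" is given. "Options All -Indexes" mixes a keyword without a
# sign and one with a sign, which Apache 2.4 rejects as a syntax error, and
# "All" would also switch on ExecCGI and Includes for this directory tree.
# Requires AllowOverride to permit Options in .htaccess.
Options -Indexes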
Enable Browser Caching
## EXPIRES CACHING ##
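# Browser caching lifetimes, counted from the time the client fetched the file
# ("access"). Ignored entirely when mod_expires is not loaded.
<IfModule mod_expires.c>
    ExpiresActive On

    # Images: one year.
    ExpiresByType image/jpg "access 1 year"
    ExpiresByType image/jpeg "access 1 year"
    ExpiresByType image/gif "access 1 year"
    ExpiresByType image/png "access 1 year"
    ExpiresByType image/x-icon "access 1 year"

    # Stylesheets, scripts and documents: one month.
    ExpiresByType text/css "access 1 month"
    ExpiresByType application/pdf "access 1 month"
    ExpiresByType text/x-javascript "access 1 month"
    # Current servers label .js files with one of these two types rather than
    # text/x-javascript, so without them scripts fall through to the default.
    ExpiresByType text/javascript "access 1 month"
    ExpiresByType application/javascript "access 1 month"
    ExpiresByType application/x-shockwave-flash "access 1 month"

    # Anything not listed above.
    ExpiresDefault "access 2 days"
</IfModule>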
## EXPIRES CACHING ##