Thread: Wordpress SEO & Security Friendly .htaccess & Pugins
View Single Post
  #9 (permalink)  
Old 06-01-2009, 11:35 PM
Webnauts's Avatar
Webnauts Webnauts is offline
WebProWorld 1,000+ Club
WebProWorld MVP
  
Join Date: Aug 2003
Location: Worldwide
Posts: 8,167
Webnauts RepRank 9Webnauts RepRank 9Webnauts RepRank 9Webnauts RepRank 9Webnauts RepRank 9Webnauts RepRank 9Webnauts RepRank 9Webnauts RepRank 9Webnauts RepRank 9Webnauts RepRank 9
Lightbulb Re: Wordpress SEO & Security Friendly .htaccess & Pugins
Quote:
Originally Posted by Dinghus View Post
I don't use WordPress so out of curiosity, is this supposed to go on your own webserver or is it on a shared server or what?
This can work if you are on an Apache hosting, and your provider allows you to edit the .htaccess file.

I use this rules on my static web sites, though taking out the lines:

### Real wp-comments-post.php - Denies any POST attempt made to a non-existing wp-comments-post.php ###
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*/wp-comments-post\.php.*\ HTTP/ [NC]
RewriteRule .* - [F,NS,L]

### HTTP PROTOCOL - Denies any badly formed HTTP PROTOCOL in the request, 0.9, 1.0, and 1.1 only ###
RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ .+\ HTTP/(0\.9|1\.0|1\.1) [NC]
RewriteRule .* - [F,NS,L]

### BAD Content Length - Denies any POST request that doesnt have a Content-Length Header ###
RewriteCond %{REQUEST_METHOD} =POST
RewriteCond %{HTTP:Content-Length} ^$
RewriteCond %{REQUEST_URI} !^/(wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
RewriteRule .* - [F,NS,L]

### BAD Content Type - Denies any POST request with a content type other than application/x-www-form-urlencoded|multipart/form-data ###
RewriteCond %{REQUEST_METHOD} =POST
RewriteCond %{HTTP:Content-Type} !^(application/x-www-form-urlencoded|multipart/form-data.*(boundary.*)?)$ [NC]
RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
RewriteRule .* - [F,NS,L]

### NO HOST - Denies requests that dont contain a HTTP HOST Header ###
RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
RewriteCond %{HTTP_HOST} ^$
RewriteRule .* - [F,NS,L]

### Bogus Graphics Exploit - Denies obvious exploit using bogus graphics ###
RewriteCond %{HTTP:Content-Disposition} \.php [NC]
RewriteCond %{HTTP:Content-Type} image/.+ [NC]
RewriteRule .* - [F,NS,L]

### This also will catch a lot of spammers ###
RewriteCond %{HTTP:VIA} ^.+pinappleproxy [NC]
RewriteRule .* - [F]

Attention! I can not provide any guarantees if it will work in all cases. If you feel like trying it out with your responsibility, go ahead.
__________________
"Being an expert isn't telling other people what you know. It's understanding what questions to ask, and flexibly applying your knowledge to the specific situation at hand. Being an expert means providing sensible, highly contextual direction." Jeff Atwood
SEO Workers - Search Engine Optimization Consulting Company | SEO Analysis Tool | Webnauts Net SEO
Last edited by Webnauts; 06-02-2009 at 12:07 AM.
Reply With Quote