Wordpress SEO & Security Friendly .htaccess & Pugins

[Webnauts]

After reading this article https://wpsecurity.net/155-reasons-w...tter-security/ I thought of sharing with you a sample .htaccess file I have created and use myself for my Wordpress blogs to enhance their on-page search engine optimization and security.

If you want to use it free free, but under your own responsibility. Comments are also appreciated.

Here somes the code (3 posts long):

### Turning on the RewriteEngine ####
RewriteEngine on
RewriteBase /
ServerSignature Off
Options All -Indexes
Options +FollowSymLinks
Options -MultiViews

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

### If you use a mobile version plugin ###
RewriteCond %{HTTP_USER_AGENT} !^.+(iPhone|iPod|aspen|dream|incognito|webmate|Bla ckBerry9500|BlackBerry9530)

### Require the www to avoid cannonicalization issues by Dan ###
RewriteCond %{HTTP_HOST} !^www\.wordpressdemo\.com [NC]
RewriteRule ^(.*)$ http://www.wordpressdemo.com/$1 [L,R=301]

### Require to add trailing slash if not present to avoid cannonicalization issues ###
RewriteCond %{HTTP_HOST} !^www\.wordpressdemo\.com [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/(.*) http://www.wordpressdemo.com/$1 [L,R]

### Redirect index.html to / ######
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*index\.html?\ HTTP/
RewriteRule ^(.*)index\.html?$ http://www.wordpressdemo.com/$1 [R=301,L]

### Redirect index.html to / ######
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*index\.htm?\ HTTP/
RewriteRule ^(.*)index\.htm?$ http://www.wordpressdemo.com/$1 [R=301,L]

### Redirect index.php to / ######
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*index\.php?\ HTTP/
RewriteRule ^(.*)index\.php?$ http://www.wordpressdemo.com/$1 [R=301,L]

<FilesMatch "robots\.txt">
Header set X-Robots-Tag "noindex"
</FilesMatch>

<FilesMatch "\.(js|xml)$">
Header set X-Robots-Tag "noindex,follow,noarchive,nosnippet"
</FilesMatch>

### Set the Server Administrator. Email Admin upon error ###
ServerSignature EMail
SetEnv SERVER_ADMIN info@wordpressdemo.com

### Set the server timezone ###
SetEnv TZ America/Los_Angeles

### Enable MD5 digests via ContentDigest ###
ContentDigest On

### Charset, Content Type & Language ###
AddDefaultCharset UTF-8
AddLanguage en-US .html .htm .css .js .php .pl
AddType 'text/html; charset=UTF-8' .html

### Remove IE imagetoolbar. META HTTP-EQUIV REPLACEMENTS ####
<FilesMatch "\.(html|htm|php)$">
Header set Imagetoolbar "no"
</FilesMatch>

########## Files Compression ##########
#<FilesMatch "\.(html|js|css|png|jpeg|jpg|gif|php)$">
# SetOutputFilter DEFLATE
#</FilesMatch>

<FilesMatch "\.(txt|xml)$">
Header set X-Robots-Tag "noindex,follow,noarchive,nosnippet"
</FilesMatch>

### Rules to save brandwidth ###
SetEnvIfNoCase ^If-Modified-Since$ "(.+)" HTTP_IF_MODIFIED_SINCE=$1
SetEnvIfNoCase ^If-None-Match$ "(.+)" HTTP_IF_NONE_MATCH=$1

### Expires Headers to Images ###
ExpiresActive On
ExpiresByType image/gif A2592000
ExpiresByType image/png A2592000
ExpiresByType image/jpg A2592000
ExpiresByType image/jpeg A2592000

##### Security settings #####

## LIMIT UPLOAD FILE SIZE TO PROTECT AGAINST DOS ATTACK by limiting file size to 0-2147483647 bytes, (2GB)###
LimitRequestBody 10240000

php_flag register_globals off

### Prevent .htaccess, .htpasswd and other files from being viewed by web clients ###
<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh) $">
Order Allow,Deny
Deny from all
</FilesMatch>

[Webnauts]

(Part of the script below was contributed by Jeff Starr of Perishable Press. The original code is located here: "The Perishable Press 4G Blacklist")

# FILTER REQUEST METHODS
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>

# BLACKLIST CANDIDATES
<Limit GET POST PUT>
Order Allow,Deny
Allow from all
Deny from 75.126.85.215 "# blacklist candidate 2008-01-02 = admin-ajax.php attack "
Deny from 128.111.48.138 "# blacklist candidate 2008-02-10 = cryptic character strings "
Deny from 87.248.163.54 "# blacklist candidate 2008-03-09 = block administrative attacks "
Deny from 84.122.143.99 "# blacklist candidate 2008-04-27 = block clam store loser "
Deny from 210.210.119.145 "# blacklist candidate 2008-05-31 = block _vpi.xml attacks "
Deny from 66.74.199.125 "# blacklist candidate 2008-10-19 = block mindless spider running "
Deny from 203.55.231.100 "# 1048 attacks in 60 minutes"
Deny from 24.19.202.10 "# 1629 attacks in 90 minutes"
</Limit>

# QUERY STRING EXPLOITS
<IfModule mod_rewrite.c>
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|'|"|;|\?|\*).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%22|%27|%3C|%3E|%5C|%7B|%7C).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|config|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare|drop).* [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>

# CHARACTER STRINGS
<IfModule mod_alias.c>
# BASIC CHARACTERS (Changed from 403 to 404 by John)
RedirectMatch 404 \,
RedirectMatch 404 \:
RedirectMatch 404 \;
RedirectMatch 404 \=
RedirectMatch 404 \@
RedirectMatch 404 \[
RedirectMatch 404 \]
RedirectMatch 404 \^
RedirectMatch 404 \`
RedirectMatch 404 \{
RedirectMatch 404 \}
RedirectMatch 404 \~
RedirectMatch 404 \"
RedirectMatch 404 \$
RedirectMatch 404 \<
RedirectMatch 404 \>
RedirectMatch 404 \|
RedirectMatch 404 \.\.
RedirectMatch 404 \/\/
RedirectMatch 404 \%0
RedirectMatch 404 \%A
RedirectMatch 404 \%B
RedirectMatch 404 \%C
RedirectMatch 404 \%D
RedirectMatch 404 \%E
RedirectMatch 404 \%F
RedirectMatch 404 \%22
RedirectMatch 404 \%27
RedirectMatch 404 \%28
RedirectMatch 404 \%29
RedirectMatch 404 \%3C
RedirectMatch 404 \%3E
RedirectMatch 404 \%3F
RedirectMatch 404 \%5B
RedirectMatch 404 \%5C
RedirectMatch 404 \%5D
RedirectMatch 404 \%7B
RedirectMatch 404 \%7C
RedirectMatch 404 \%7D
# COMMON PATTERNS
Redirectmatch 403 \_vpi
RedirectMatch 403 \.inc
Redirectmatch 403 xAou6
Redirectmatch 403 db\_name
Redirectmatch 403 select\(
Redirectmatch 403 convert\(
Redirectmatch 403 \/query\/
RedirectMatch 403 ImpEvData
Redirectmatch 403 \.XMLHTTP
Redirectmatch 403 proxydeny
RedirectMatch 403 function\.
Redirectmatch 403 remoteFile
Redirectmatch 403 servername
Redirectmatch 403 \&rptmode\=
Redirectmatch 403 sys\_cpanel
RedirectMatch 403 db\_connect
RedirectMatch 403 doeditconfig
RedirectMatch 403 check\_proxy
Redirectmatch 403 system\_user
Redirectmatch 403 \/\(null\)\/
Redirectmatch 403 clientrequest
Redirectmatch 403 option\_value
RedirectMatch 403 ref\.outcontrol
# SPECIFIC EXPLOITS
RedirectMatch 403 errors\.
RedirectMatch 403 config\.
RedirectMatch 403 include\.
RedirectMatch 403 display\.
RedirectMatch 403 register\.
Redirectmatch 403 password\.
RedirectMatch 403 maincore\.
RedirectMatch 403 authorize\.
Redirectmatch 403 macromates\.
RedirectMatch 403 head\_auth\.
RedirectMatch 403 submit\_links\.
RedirectMatch 403 change\_action\.
Redirectmatch 403 com\_facileforms\/
RedirectMatch 403 admin\_db\_utilities\.
RedirectMatch 403 admin\.webring\.docs\.
Redirectmatch 403 Table\/Latest\/index\.
</IfModule>

### Safe Request Methods - Denies any request not using GET,PROPFIND,POST,OPTIONS,PUT,HEAD ###
RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|POST|PROPFIND|OPTIONS|PUT)$ [NC]
RewriteRule .* - [F,NS,L]

### Injection Attack: DECLARE, SET and CAST. More: http://www.informationtechnologymanager.net/?p=25 ###
RewriteCond %{REQUEST_URI} ^/(,|;|<|>|”>|”<|/|\\\.\.\\).{0,9999}.* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(;|<|>|’|”|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|updat e|md5|benchmark).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(<|>|’|%0A|%0D|%27|%3C|%3E|%00).* [NC]
RewriteRule ^(.*)$ http://www.gojumpinariver.com

[Webnauts]

(Part of the script below was contributed by John. S. Britsios of SEO Workers & askapache.com.)

### Real wp-comments-post.php - Denies any POST attempt made to a non-existing wp-comments-post.php ###
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*/wp-comments-post\.php.*\ HTTP/ [NC]
RewriteRule .* - [F,NS,L]

### HTTP PROTOCOL - Denies any badly formed HTTP PROTOCOL in the request, 0.9, 1.0, and 1.1 only ###
RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ .+\ HTTP/(0\.9|1\.0|1\.1) [NC]
RewriteRule .* - [F,NS,L]

### BAD Content Length - Denies any POST request that doesnt have a Content-Length Header ###
RewriteCond %{REQUEST_METHOD} =POST
RewriteCond %{HTTP:Content-Length} ^$
RewriteCond %{REQUEST_URI} !^/(wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
RewriteRule .* - [F,NS,L]

### BAD Content Type - Denies any POST request with a content type other than application/x-www-form-urlencoded|multipart/form-data ###
RewriteCond %{REQUEST_METHOD} =POST
RewriteCond %{HTTP:Content-Type} !^(application/x-www-form-urlencoded|multipart/form-data.*(boundary.*)?)$ [NC]
RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
RewriteRule .* - [F,NS,L]

### NO HOST - Denies requests that dont contain a HTTP HOST Header ###
RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
RewriteCond %{HTTP_HOST} ^$
RewriteRule .* - [F,NS,L]

### Bogus Graphics Exploit - Denies obvious exploit using bogus graphics ###
RewriteCond %{HTTP:Content-Disposition} \.php [NC]
RewriteCond %{HTTP:Content-Type} image/.+ [NC]
RewriteRule .* - [F,NS,L]

### This also will catch a lot of spammers ###
RewriteCond %{HTTP:VIA} ^.+pinappleproxy [NC]
RewriteRule .* - [F]


### Deny Fake Bots ###
BrowserMatch "^Java/?[1-9_\.]*" bad_bot
BrowserMatch "^MJ12bot/?[1-9_\.]*" bad_bot
SetEnvIfNoCase User-Agent "^8484 Boston Project/?[1-9_\.]*" bad_bot
SetEnvIfNoCase User-Agent "charlotte/" bad_bot
SetEnvIfNoCase User-Agent "curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5" bad_bot
SetEnvifNoCase User-Agent "^Heritrix/" bad_bot
SetEnvIfNoCase User-Agent "ia_archiver" bad_bot
SetEnvIfNoCase User-Agent "larbin/" bad-bot
SetEnvIfNoCase User-Agent "libwww-perl"" bad_bot
SetEnvIfNoCase User-Agent "^libcurl-agent/" bad_bot
SetEnvifNoCase User-Agent "IRC-Bbot" bad_bot
SetEnvifNoCase User-Agent "ISC Systems iRc Search 2.1" bad_bot
SetEnvIfNoCase User-Agent "^Jakarta\ Commons-HttpClient/" bad_bot
SetEnvIfNoCase User-Agent "^Java/" bad_bot
SetEnvIfNoCase User-Agent "^Microsoft\ URL\ Control.*$" bad_bot
SetEnvIfNoCase User-Agent "^MJ12bot/" bad_bot
SetEnvIfNoCase User-Agent "MJ12bot/v1.0.8" bad_bot
SetEnvIfNoCase User-Agent "^Missigua Locator" bad_bot
SetEnvIfNoCase User-Agent "^Mozilla/4\.0\ .*Win\ 9x\ 4\.90.*$" bad_bot
SetEnvIfNoCase User-Agent "Nutch" bad_bot
SetEnvIfNoCase User-Agent "^PEAR HTTP_Request class" bad_bot
SetEnvIfNoCase User-Agent "phpversion" bad_bot
SetEnvIfNoCase User-Agent "^psycheclone" bad_bot
SetEnvIfNoCase User-Agent "^TencentTraveler" bad_bot
SetEnvIfNoCase User-Agent "^Web Downloader" bad_bot
SetEnvIfNoCase User-Agent "^Wells Search II" bad_bot
SetEnvIfNoCase User-Agent "^WEP Search 00" bad_bot
<Limit GET POST>
Order Allow,Deny
Allow from all
Deny from env=bad_bot
</Limit>

# Known Bad Bots
RewriteCond %{HTTP_USER_AGENT} ADSARobot|ah-ha|almaden|aktuelles|Anarchie|amzn_assoc|Arachmo|A SPSeek|ASSORT|ATHENS|Atomz|attach|attache|autoemai lspider|BackWeb|Bandit|BatchFTP|bdfetch|Bbot|Becom eBot|big.brother|Bitacle|BlackWidow|bmclient|boith o.com-dc|Boston\ Project|bot/1.0|BravoBrian\ SpiderEngine\ MarcoPolo|Bot\ mailto:craftbot@yahoo.com|Buddy|Bullseye|bumblebee |capture|CherryPicker|ChinaClaw|CICC|clipping|Clus hbot|Collector|Copier|Crescent|Crescent\ Internet\ ToolPak|Custo|cyberalert|Deweb|diagem|Digger|Digim arc|DIIbot|DISCo|DISCo\ Pump|DISCoFinder|Download\ Demon|Download\ Wonder|Downloader|Drip|DSurf15a|DTS.Agent|EasyDL|e Catch|ecollector|efp@gmx\.net|Email\ Extractor|EirGrabber|email|EmailCollector|EmailSip hon|EmailWolf|Express\ WebPictures|ExtractorPro|EyeNetIE|FavOrg|fastlwspi der|Favorites\ Sweeper|Fetch|FEZhead|FileHound|FlashGet\ WebWasher|FlickBot|fluffy|FrontPage|GalaxyBot|Gene ric|Getleft|GetRight|GetSmart|GetWeb!|GetWebPage|g igabaz|Girafabot|Go\!Zilla|Go!Zilla|Go-Ahead-Got-It|GornKer|gotit|Grabber|GrabNet|Grafula|Green\ Research|grub-client|Harvest|heritrix|hhjhj@yahoo|hloader|HMView |HomePageSearch|http\ generic|HTTrack|httpdown|httrack|ia_archiver|IBM_P lanetwide|Image\ Stripper|Image\ Sucker|imagefetch|IncyWincy|Indy*Library|Indy\ Library|informant|Ingelin|InterGET|Internet\ Ninja|InternetLinkagent|Internet\ Ninja|InternetSeer\.com|Iria|Irvine|JBH*agent|JetC ar|JOC|JOC\ Web\ Spider|JustView|kalooga|KWebGet|Lachesis|larbin|Le acher|LeechFTP|LexiBot|lftp|likse|Link|Link*Sleuth |LINKS\ ARoMATIZED|LinkWalker|LWP|lwp-trivial|Mag-Net|Magnet|Mac\ Finder|Mag-Net|Mass\ Downloader|MCspider|MJ12bot/v1\.0\.8|Memo|Microsoft.URL|MIDown\ tool|Mirror|Missigua\ Locator|Mister\ PiX|MMMtoCrawl\/UrlDispatcherLLL|monit|^Mozilla$|Mozilla.*Indy|Moz illa.*NEWT|Mozilla*MSIECrawler|MS\ FrontPage*|MSFrontPage|MSIECrawler|MSProxy|MSR-ISRCCrawler|multithreaddb|my-heritrix-crawler|nationaldirectory|Navroad|NearSite|NetAnts |NetCarta|NetMechanic|netprospector|NetResearchSer ver|NetSpider|Net\ Vampire|NetZIP|NetZip\ Downloader|NetZippy|NEWT|NICErsPRO|Ninja|NPBot|Nic heBot|noxtrumbot|Octopus|Offline\ Explorer|Offline\ Navigator|OmniExplorer|OpaL|Openfind|OpenTextSiteC rawler|OrangeBot|PageGrabber|Papa\ Foto|PackRat|pavuk|pcBrowser|PersonaPilot|Ping|Pin gALink|Pingdom|Pockey|POE-Component-Client-HTTP|Powermarks|Proxy|psbot|PSurf|psycheclone|puf| Pump|PushSite|QRVA|RealDownload|Reaper|Recorder|Re Get|replacer|RepoMonkey|Robozilla|Rover|RPT-HTTPClient|Rsync|Scooter|SearchExpress|searchhippo |searchterms\.it|Second\ Street\ Research|Seeker|Shai|Siphon|sitecheck|sitecheck.in ternetseer.com|SiteSnagger|SlySearch|SmartDownload |snagger|Snake|SpaceBison|Spegla|SpiderBot|sproose |SqWorm|Stripper|Sucker|SuperBot|SuperHTTP|Surfbot |SurfWalker|Szukacz|tAkeOut|tarspider|Teleport\ Pro|Templeton|TencentTraveler|TrueRobot|TV33_Merca tor|UIowaCrawler|UtilMind|URLSpiderPro|URL_Spider_ Pro|Vacuum|vagabondo|vayala|visibilitygap|VoidEYE| vspider|Web\ Downloader|w3mir|Web\ Data\ Extractor|Web\ Image\ Collector|Web\ Sucker|Wweb|WebAuto|WebBandit|web\.by\.mail|Webcli pping|webcollage|webcollector|WebCopier|webcraft@b ea|webdevil|webdownloader|Webdup|WebEMailExtrac|We bFetch|WebGo\ IS|WebHook|Webinator|WebLeacher|WEBMASTERS|WebMine r|WebMirror|webmole|WebReaper|WebSauger|Website|We bsite\ eXtractor|Website\ Quester|WebSnake|Webster|WebStripper|websucker|web vac|webwalk|webweasel|WebWhacker|WebZIP|Wget|Whack er|whizbang|WhosTalking|Widow|WinHTTP|WISEbot|WWWO FFLE|x-Tractor|^Xaldon\ WebSpider|WUMPUS|Xenu|XGET|Yeti|zermelo|Zeus.*Webs ter|Zeus [NC]
RewriteRule ^.* - [F,L]

# Bots starting with Web
RewriteCond %{HTTP_USER_AGENT} ^web(zip|emaile|enhancer|fetch|go.?is|auto|bandit| clip|copier|master|reaper|sauger|site.?quester|wha ck) [NC,OR]

# Anywhere in UA -- Greedy REGEX
RewriteCond %{HTTP_USER_AGENT} ^.*(craftbot|download|extract|stripper|sucker|ninj a|clshttp|webspider|leacher|collector|grabber|webp ictures).*$ [NC]
RewriteRule ^.* - [F,L]

### Stop browser prefetching ####
SetEnvIfNoCase X-Forwarded-For .+ proxy=yes
SetEnvIfNoCase X-moz prefetch no_access=yes[/CODE]Be aware that I am using some other plugins for the purposes I mentioned above. These rules are an addition to all those plugins rules.

[Webnauts]

I recommend the plugins:

1. Stop Comment Spam and Trackback Spam Akismet

2. All In One SEO Pack WordPress Plugin | WordPress Developer

3. Bad Behavior / Bad Behaviour:

4. Sitemap Generator Plugin for Wordpress Dagon Design

5. Do Follow Plugin For WordPress

6. Follow Me | Ignite Social Media

7. Google (XML) Sitemaps Generator for WordPress

8. WordPress › http:BL WordPress Plugin WordPress Plugins

9. Wordpress Plugin - My Page Order | Geeky Weekly

10. WordPress-Ready Contact Form v.2.0WP - Beast-Blog.com

11. Dave’s Blog Spam Karma 2.3

12. Tell-a-Friend: Word of Mouth Marketing made simple

13. Tracked RSS | Jack McIntyre

14. WordPress Firewall Plugin » SEO Egghead

15. WP Security Scan | WordPress Developer

16. WordPress Super Cache

17. WPtouch: Mobile Plugin + Theme for WordPress ? BraveNewCode Inc.


And don't forget to implement this:
Important Security Fix for WordPress ? Perishable Press

If you are a bit more technical, then go ahead and do this too: http://tdot-blog.com/wordpress/6-sim...x-in-wordpress

I am sure that with all above you will have such results that you will be very thankful.

[Webnauts]

I hope my thread will be useful for you too. And who knows? Maybe its becomes a sticky.

Take care,

John

[Webnauts]

I just wanted to mention here that I created a part of the above .htaccess file myself and some parts were taken from Perishable Press :: Digital Design and Dialogue ~ and AskApache - Crazy Advanced Web Development for server admins, WordPress bloggers, programmers, and hackers with topics and tools for Htaccess Rewrites, Linux and bash, PHP networking with cURL, SEO. which some parts I edited (removing - modifying - adding) stuff.

I recommend visiting their sites, as they are definitely great resources.

Good luck.

[Orion]

WOW.. Awesome stuff!

Once again, thank you Webnauts for making us the benefactors of your research! Course now we all have to work some of it backwards to figure it out lol..

Thanks,

[Dinghus]

I don't use WordPress so out of curiosity, is this supposed to go on your own webserver or is it on a shared server or what?

[Webnauts]

Quote:

Originally Posted by Dinghus

I don't use WordPress so out of curiosity, is this supposed to go on your own webserver or is it on a shared server or what?

This can work if you are on an Apache hosting, and your provider allows you to edit the .htaccess file.

I use this rules on my static web sites, though taking out the lines:

### Real wp-comments-post.php - Denies any POST attempt made to a non-existing wp-comments-post.php ###
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*/wp-comments-post\.php.*\ HTTP/ [NC]
RewriteRule .* - [F,NS,L]

### HTTP PROTOCOL - Denies any badly formed HTTP PROTOCOL in the request, 0.9, 1.0, and 1.1 only ###
RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ .+\ HTTP/(0\.9|1\.0|1\.1) [NC]
RewriteRule .* - [F,NS,L]

### BAD Content Length - Denies any POST request that doesnt have a Content-Length Header ###
RewriteCond %{REQUEST_METHOD} =POST
RewriteCond %{HTTP:Content-Length} ^$
RewriteCond %{REQUEST_URI} !^/(wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
RewriteRule .* - [F,NS,L]

### BAD Content Type - Denies any POST request with a content type other than application/x-www-form-urlencoded|multipart/form-data ###
RewriteCond %{REQUEST_METHOD} =POST
RewriteCond %{HTTP:Content-Type} !^(application/x-www-form-urlencoded|multipart/form-data.*(boundary.*)?)$ [NC]
RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
RewriteRule .* - [F,NS,L]

### NO HOST - Denies requests that dont contain a HTTP HOST Header ###
RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
RewriteCond %{HTTP_HOST} ^$
RewriteRule .* - [F,NS,L]

### Bogus Graphics Exploit - Denies obvious exploit using bogus graphics ###
RewriteCond %{HTTP:Content-Disposition} \.php [NC]
RewriteCond %{HTTP:Content-Type} image/.+ [NC]
RewriteRule .* - [F,NS,L]

### This also will catch a lot of spammers ###
RewriteCond %{HTTP:VIA} ^.+pinappleproxy [NC]
RewriteRule .* - [F]

Attention! I can not provide any guarantees if it will work in all cases. If you feel like trying it out with your responsibility, go ahead.

[williamc]

John, was wordpressdemo.com your domain? If not which parts of the script did you actually create?

Curious.

[Webnauts]

Quote:

Originally Posted by williamc

John, was wordpressdemo.com your domain?

What is that for a question man. Are you kidding me?

[williamc]

Not at all. It is all thru your posted .htaccess

Quote:

### Require the www to avoid cannonicalization issues by Dan ###
RewriteCond %{HTTP_HOST} !^www\.wordpressdemo\.com [NC]
RewriteRule ^(.*)$ http://www.wordpressdemo.com/$1 [L,R=301]

### Require to add trailing slash if not present to avoid cannonicalization issues ###
RewriteCond %{HTTP_HOST} !^www\.wordpressdemo\.com [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/(.*) http://www.wordpressdemo.com/$1 [L,R]

### Redirect index.html to / ######
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*index\.html?\ HTTP/
RewriteRule ^(.*)index\.html?$ http://www.wordpressdemo.com/$1 [R=301,L]

Don't get me wrong here, the .htaccess rules are excellant, and well thought out, even if they do break apache under solaris and fbsd due to conflicts. I even notice 4 different coding styles in it.

Just trying to ascertain which parts are your own creativity

[Webnauts]

Quote:

Originally Posted by williamc

Not at all. It is all thru your posted .htaccess



Don't get me wrong here, the .htaccess rules are excellant, and well thought out, even if they do break apache under solaris and fbsd due to conflicts. I even notice 4 different coding styles in it.

Just trying to ascertain which parts are your own creativity

Do you have alternatives compatible to Solaris and FBSD for members who might need that?

Coding styles? My .htaccess is a collection of rules, which I wrote myself and got some stuff from other 2 guys I mentioned already to give them credits.

[williamc]

2 other sources? Then who exactly is Dan who contributed the canonical bits?

Sorry, I look at things as a whole and tend to see different styles of doing things due to that. What I meant was that there are 4 different thought processes going on in the code that you pasted. You attributed 2 of them, and a third is referenced in the code itself "Dan". I would assume you were the 4th.

[Webnauts]

Quote:

Originally Posted by williamc

2 other sources? Then who exactly is Dan who contributed the canonical bits?

Sorry, I look at things as a whole and tend to see different styles of doing things due to that. What I meant was that there are 4 different thought processes going on in the code that you pasted. You attributed 2 of them, and a third is referenced in the code itself "Dan". I would assume you were the 4th.

Dan Johnson is the CTO of my company: Custom Web Design & Search Engine Marketing Consultants - SEO Workers

OK. So now we are 4. Perishable, AskApache, my CTO and me.

Happy now?

I think I should hire someone to make that in one style. maybe it will work better.

Man, I hope you are not serious. I do the members a favor here, and you go on picking me. I honestly don't get you after all. Sorry...

I think I should tell the admin to delete this thread so we can all be happy. Is that deal? I will PM him right away.

[williamc]

Quote:

Originally Posted by Webnauts

Man, I hope you are not serious. I do the members a favor here, and you go on picking me. I honestly don't get you after all. Sorry...

I think I should tell the admin to delete this thread so we can all be happy. Is that deal? I will PM him right away.

You are still missing the whole thing. I honestly think you should get some sleep mate. I was not picking on you. I was actually interested in knowing which parts were your own creativity. I had to ask because there were obviously (to me) 4 different styles. It was not meant to pick at you, merely to get to what I was interested in.

Remember, I am a coder, what other coders do always interests me. And I agree fully that the thread is a good one, however your idea of doing the whole thing by one person would probably find the conflicts and remedy them making the resulting code an even better treat for members.

[Webnauts]

Quote:

Originally Posted by williamc

You are still missing the whole thing. I honestly think you should get some sleep mate. I was not picking on you. I was actually interested in knowing which parts were your own creativity. I had to ask because there were obviously (to me) 4 different styles. It was not meant to pick at you, merely to get to what I was interested in.

I think you are right man. I am really over-tired.

Quote:

Originally Posted by williamc

Remember, I am a coder, what other coders do always interests me. And I agree fully that the thread is a good one, however your idea of doing the whole thing by one person would probably find the conflicts and remedy them making the resulting code an even better treat for members.

Any improvement suggestions would be a great idea man. I did not know that you are coder though.

Would you go for it?

Thanks man.

[edhan]

You are indeed good and helpful. I gave you a Rep for this.

Now I will be checking how I should be implementing it to all my wordpress sites. Seems to be quite lengthy and hopefully it will not affect the speed loading.

Thanks for being so nice to share.

[bobchrist]

Thanks for the link webnauts, can you suggest a good alternative of spam karma because it's no longer supported now? I am currently using akismat.

[Webnauts]

Quote:

Originally Posted by bobchrist

Thanks for the link webnauts, can you suggest a good alternative of spam karma because it's no longer supported now? I am currently using akismat.

I still have Spam Karma installed as long it works. Askimet, Bad Behaviour and Honeypot are the best I know.

[bobchrist]

^ Will check those out, thanks.

[Feydakin]

You also might want to try adding MHF to your list..

MonitorHackdFiles Tool Helps Fight Site Hackers | WebChicklet | Just a Geek Girl