
Thread: Wordpress SEO & Security Friendly .htaccess & Plugins

  1. #1 Webnauts (WebProWorld MVP; joined Aug 2003; European Community; 8,925 posts)

    Wordpress SEO & Security Friendly .htaccess & Plugins

    After reading this article https://wpsecurity.net/155-reasons-w...tter-security/ I thought of sharing with you a sample .htaccess file I have created and use myself for my WordPress blogs to enhance their on-page search engine optimization and security.

    If you want to use it, feel free, but under your own responsibility. Comments are also appreciated.

    Here comes the code (3 posts long):

    ### Turning on the RewriteEngine ####
    RewriteEngine on
    RewriteBase /
    ServerSignature Off
    # Mixing a bare keyword with +/- forms in one Options directive ("Options All -Indexes")
    # is invalid syntax that Apache 2.4 rejects at startup; the +/- form is used throughout.
    Options -Indexes +FollowSymLinks -MultiViews

    # BEGIN wordpress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END wordpress

    ### If you use a mobile version plugin ###
    # A RewriteCond with no RewriteRule of its own applies to the next RewriteRule below,
    # so these user agents are exempted from the www redirect that follows.
    RewriteCond %{HTTP_USER_AGENT} !^.+(iPhone|iPod|aspen|dream|incognito|webmate|BlackBerry9500|BlackBerry9530)

    ### Require the www to avoid canonicalization issues by Dan ###
    RewriteCond %{HTTP_HOST} !^www\.wordpressdemo\.com [NC]
    RewriteRule ^(.*)$ http://www.wordpressdemo.com/$1 [L,R=301]

    ### Redirect any other host to www (despite the original heading, this block does not add a trailing slash) ###
    # In a per-directory .htaccess the path seen by RewriteRule has no leading slash, so the
    # original pattern ^/(.*) never matched. With ^(.*) the block works but only repeats the
    # 301 above; [R] without a code sends a 302.
    RewriteCond %{HTTP_HOST} !^www\.wordpressdemo\.com [NC]
    RewriteCond %{HTTP_HOST} !^$
    RewriteRule ^(.*) http://www.wordpressdemo.com/$1 [L,R]

    ### Redirect index.html / index.htm to / ######
    # "html?" already matches both .html and .htm, so a separate .htm block is not needed.
    RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*index\.html?\ HTTP/
    RewriteRule ^(.*)index\.html?$ http://www.wordpressdemo.com/$1 [R=301,L]

    ### Redirect index.php to / ######
    # "php?" would also match "index.ph"; the p is required here.
    RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*index\.php\ HTTP/
    RewriteRule ^(.*)index\.php$ http://www.wordpressdemo.com/$1 [R=301,L]

    <FilesMatch "robots\.txt">
    Header set X-Robots-Tag "noindex"
    </FilesMatch>

    <FilesMatch "\.(js|xml)$">
    Header set X-Robots-Tag "noindex,follow,noarchive,nosnippet"
    </FilesMatch>

    ### Set the Server Administrator ###
    # "ServerSignature EMail" would override the "Off" above and put the server version
    # plus a mailto: link on every error page, so it is left disabled here.
    # ServerSignature EMail
    SetEnv SERVER_ADMIN info@wordpressdemo.com

    ### Set the server timezone ###
    SetEnv TZ America/Los_Angeles

    ### Enable MD5 digests via ContentDigest ###
    ContentDigest On

    ### Charset, Content Type & Language ###
    AddDefaultCharset UTF-8
    AddLanguage en-US .html .htm .css .js .php .pl
    AddType 'text/html; charset=UTF-8' .html

    ### Remove IE imagetoolbar. META HTTP-EQUIV REPLACEMENTS ####
    <FilesMatch "\.(html|htm|php)$">
    Header set Imagetoolbar "no"
    </FilesMatch>

    ########## Files Compression ##########
    #<FilesMatch "\.(html|js|css|png|jpeg|jpg|gif|php)$">
    # SetOutputFilter DEFLATE
    #</FilesMatch>

    <FilesMatch "\.(txt|xml)$">
    Header set X-Robots-Tag "noindex,follow,noarchive,nosnippet"
    </FilesMatch>

    ### Rules to save bandwidth ###
    SetEnvIfNoCase ^If-Modified-Since$ "(.+)" HTTP_IF_MODIFIED_SINCE=$1
    SetEnvIfNoCase ^If-None-Match$ "(.+)" HTTP_IF_NONE_MATCH=$1

    ### Expires Headers to Images ###
    ExpiresActive On
    ExpiresByType image/gif A2592000
    ExpiresByType image/png A2592000
    ExpiresByType image/jpg A2592000
    ExpiresByType image/jpeg A2592000

    ##### Security settings #####

    ## LIMIT UPLOAD FILE SIZE TO PROTECT AGAINST DOS ATTACK ###
    # LimitRequestBody accepts 0-2147483647 bytes (2 GB); 10240000 caps request bodies at about 10 MB.
    LimitRequestBody 10240000

    # php_flag only works when PHP runs as an Apache module (mod_php); under CGI/FastCGI it
    # causes a 500 error and the setting belongs in php.ini or .user.ini instead.
    php_flag register_globals off

    ### Prevent .htaccess, .htpasswd and other files from being viewed by web clients ###
    # The original pattern had a space before the $, so it only matched names ending in a space.
    <FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
    # Apache 2.2 syntax; on 2.4 without mod_access_compat use "Require all denied"
    Order Allow,Deny
    Deny from all
    </FilesMatch>
    John S. Britsios, Forensic SEO & Social Semantic Web Consultant | SEO Workers | Webnauts Net

  2. #2 Webnauts (WebProWorld MVP; joined Aug 2003; European Community; 8,925 posts)

    Re: Wordpress SEO & Security friendly .htaccess & Plugins

    (Part of the script below was contributed by Jeff Starr of Perishable Press. The original code is located here: "The Perishable Press 4G Blacklist")

    # FILTER REQUEST METHODS
    <IfModule mod_rewrite.c>
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
    RewriteRule ^(.*)$ - [F,L]
    </IfModule>

    # BLACKLIST CANDIDATES
    # The original listed each reason as a quoted string after the address, but Apache reads
    # anything after "Deny from" as further host arguments, not as a comment (and a
    # hostname-style argument forces a reverse DNS lookup on every request), so the notes
    # are moved onto their own lines.
    <Limit GET POST PUT>
    Order Allow,Deny
    Allow from all
    # blacklist candidate 2008-01-02 = admin-ajax.php attack
    Deny from 75.126.85.215
    # blacklist candidate 2008-02-10 = cryptic character strings
    Deny from 128.111.48.138
    # blacklist candidate 2008-03-09 = block administrative attacks
    Deny from 87.248.163.54
    # blacklist candidate 2008-04-27 = block clam store loser
    Deny from 84.122.143.99
    # blacklist candidate 2008-05-31 = block _vpi.xml attacks
    Deny from 210.210.119.145
    # blacklist candidate 2008-10-19 = block mindless spider running
    Deny from 66.74.199.125
    # 1048 attacks in 60 minutes
    Deny from 203.55.231.100
    # 1629 attacks in 90 minutes
    Deny from 24.19.202.10
    </Limit>

    # QUERY STRING EXPLOITS
    # Caution: several of these also match ordinary WordPress query strings (tag=, a search
    # term containing "config" or "select", redirect_to=http:...), so expect false positives.
    <IfModule mod_rewrite.c>
    RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
    RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
    RewriteCond %{QUERY_STRING} tag\= [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    RewriteCond %{QUERY_STRING} http\: [NC,OR]
    RewriteCond %{QUERY_STRING} https\: [NC,OR]
    RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|'|"|;|\?|\*).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(%22|%27|%3C|%3E|%5C|%7B|%7C).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(globals|encode|config|localhost|loopback).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare|drop).* [NC]
    RewriteRule ^(.*)$ - [F,L]
    </IfModule>

    # CHARACTER STRINGS
    <IfModule mod_alias.c>
    # BASIC CHARACTERS (Changed from 403 to 404 by John)
    RedirectMatch 404 \,
    RedirectMatch 404 \:
    RedirectMatch 404 \;
    RedirectMatch 404 \=
    RedirectMatch 404 \@
    RedirectMatch 404 \[
    RedirectMatch 404 \]
    RedirectMatch 404 \^
    RedirectMatch 404 \`
    RedirectMatch 404 \{
    RedirectMatch 404 \}
    RedirectMatch 404 \~
    RedirectMatch 404 \"
    RedirectMatch 404 \$
    RedirectMatch 404 \<
    RedirectMatch 404 \>
    RedirectMatch 404 \|
    RedirectMatch 404 \.\.
    RedirectMatch 404 \/\/
    RedirectMatch 404 \%0
    RedirectMatch 404 \%A
    RedirectMatch 404 \%B
    RedirectMatch 404 \%C
    RedirectMatch 404 \%D
    RedirectMatch 404 \%E
    RedirectMatch 404 \%F
    RedirectMatch 404 \%22
    RedirectMatch 404 \%27
    RedirectMatch 404 \%28
    RedirectMatch 404 \%29
    RedirectMatch 404 \%3C
    RedirectMatch 404 \%3E
    RedirectMatch 404 \%3F
    RedirectMatch 404 \%5B
    RedirectMatch 404 \%5C
    RedirectMatch 404 \%5D
    RedirectMatch 404 \%7B
    RedirectMatch 404 \%7C
    RedirectMatch 404 \%7D
    # COMMON PATTERNS
    RedirectMatch 403 \_vpi
    RedirectMatch 403 \.inc
    RedirectMatch 403 xAou6
    RedirectMatch 403 db\_name
    RedirectMatch 403 select\(
    RedirectMatch 403 convert\(
    RedirectMatch 403 \/query\/
    RedirectMatch 403 ImpEvData
    RedirectMatch 403 \.XMLHTTP
    RedirectMatch 403 proxydeny
    RedirectMatch 403 function\.
    RedirectMatch 403 remoteFile
    RedirectMatch 403 servername
    RedirectMatch 403 \&rptmode\=
    RedirectMatch 403 sys\_cpanel
    RedirectMatch 403 db\_connect
    RedirectMatch 403 doeditconfig
    RedirectMatch 403 check\_proxy
    RedirectMatch 403 system\_user
    RedirectMatch 403 \/\(null\)\/
    RedirectMatch 403 clientrequest
    RedirectMatch 403 option\_value
    RedirectMatch 403 ref\.outcontrol
    # SPECIFIC EXPLOITS
    RedirectMatch 403 errors\.
    RedirectMatch 403 config\.
    RedirectMatch 403 include\.
    RedirectMatch 403 display\.
    RedirectMatch 403 register\.
    RedirectMatch 403 password\.
    RedirectMatch 403 maincore\.
    RedirectMatch 403 authorize\.
    RedirectMatch 403 macromates\.
    RedirectMatch 403 head\_auth\.
    RedirectMatch 403 submit\_links\.
    RedirectMatch 403 change\_action\.
    RedirectMatch 403 com\_facileforms\/
    RedirectMatch 403 admin\_db\_utilities\.
    RedirectMatch 403 admin\.webring\.docs\.
    RedirectMatch 403 Table\/Latest\/index\.
    </IfModule>

    ### Safe Request Methods - Denies any request not using GET,PROPFIND,POST,OPTIONS,PUT,HEAD ###
    RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|POST|PROPFIND|OPTIONS|PUT)$ [NC]
    RewriteRule .* - [F,NS,L]

    ### Injection Attack: DECLARE, SET and CAST. More: http://www.informationtechnologymanager.net/?p=25 ###
    # The forum had turned the straight quotes in these patterns into curly quotes and wrapped
    # "update" across a line; both are restored here.
    RewriteCond %{REQUEST_URI} ^/(,|;|<|>|">|"<|/|\\\.\.\\).{0,9999}.* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC]
    # An absolute URL as the substitution makes mod_rewrite answer with a 302 to that site;
    # "- [F]" would return a local 403 like the other rules here.
    RewriteRule ^(.*)$ http://www.gojumpinariver.com
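The QUERY STRING EXPLOITS conditions above are worth dry-running before they go live. The following is an added example (my own code, not from the post or from the Perishable Press blacklist): it transcribes the twelve patterns into Python's `re`, applies them the way mod_rewrite does (case-insensitive, against the raw query string), and runs them over constructed query strings to show which blocks are intended and which hit ordinary WordPress URLs.

```python
import re

# The twelve QUERY_STRING conditions from the post, exactly as Apache would test
# them: each is a regular expression applied to the raw (still URL-encoded) query
# string, case-insensitively because of the [NC] flag. Any match returns 403.
QUERY_STRING_PATTERNS = [
    r"\.\.\/",
    r"boot\.ini",
    r"tag\=",
    r"ftp\:",
    r"http\:",
    r"https\:",
    r"mosConfig",
    r"^.*(\[|\]|\(|\)|<|>|'|\"|;|\?|\*).*",
    r"^.*(%22|%27|%3C|%3E|%5C|%7B|%7C).*",
    r"^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).*",
    r"^.*(globals|encode|config|localhost|loopback).*",
    r"^.*(request|select|insert|union|declare|drop).*",
]
_COMPILED = [(src, re.compile(src, re.IGNORECASE)) for src in QUERY_STRING_PATTERNS]


def first_matching_pattern(query_string):
    """Return the source of the first condition that fires, or None if the request passes."""
    for src, rx in _COMPILED:
        if rx.search(query_string):
            return src
    return None


# Constructed query strings of the kind a WordPress site actually receives, each
# paired with whether blocking it is what the rule set's author wanted.
SAMPLES = [
    ("p=123", "intended: allowed"),
    ("s=wordpress", "intended: allowed"),
    ("file=../../boot.ini", "intended: blocked (traversal probe)"),
    ("tag=security", "false positive: every tag archive URL"),
    ("s=how+to+configure", "false positive: search term contains 'config'"),
    ("s=it%27s+raining", "false positive: URL-encoded apostrophe in a search"),
    ("redirect_to=http://www.wordpressdemo.com/wp-admin/", "false positive: wp-login.php redirect_to"),
]


def audit(samples=SAMPLES):
    """Map each query string to the condition that blocks it (None = passes)."""
    return {qs: first_matching_pattern(qs) for qs, _ in samples}


if __name__ == "__main__":
    for qs, verdict in SAMPLES:
        hit = first_matching_pattern(qs)
        print(f"{qs:55} {'403 via ' + hit if hit else '200':50} {verdict}")
```

Feeding your own access log's query strings into `first_matching_pattern` before enabling the block shows what legitimate traffic it would cut off.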

  3. #3 Webnauts (WebProWorld MVP; joined Aug 2003; European Community; 8,925 posts)

    Re: Wordpress SEO & Security friendly .htaccess & Plugins

    (Part of the script below was contributed by John. S. Britsios of SEO Workers & askapache.com.)

    ### Real wp-comments-post.php - Denies any POST attempt made to a non-existing wp-comments-post.php ###
    RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*/wp-comments-post\.php.*\ HTTP/ [NC]
    RewriteRule .* - [F,NS,L]

    ### HTTP PROTOCOL - Denies any badly formed HTTP PROTOCOL in the request, 0.9, 1.0, and 1.1 only ###
    # Note: a request made over HTTP/2 appears in THE_REQUEST as "HTTP/2.0" and is rejected by this pattern as well.
    RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ .+\ HTTP/(0\.9|1\.0|1\.1) [NC]
    RewriteRule .* - [F,NS,L]

    ### BAD Content Length - Denies any POST request that doesn't have a Content-Length header ###
    # Note: a POST sent with Transfer-Encoding: chunked legitimately carries no Content-Length and is rejected here too.
    RewriteCond %{REQUEST_METHOD} =POST
    RewriteCond %{HTTP:Content-Length} ^$
    RewriteCond %{REQUEST_URI} !^/(wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
    RewriteRule .* - [F,NS,L]

    ### BAD Content Type - Denies any POST request with a content type other than application/x-www-form-urlencoded|multipart/form-data ###
    # Note: XML-RPC clients POST text/xml to xmlrpc.php, which is not among the excluded paths below, so this rule rejects them.
    RewriteCond %{REQUEST_METHOD} =POST
    RewriteCond %{HTTP:Content-Type} !^(application/x-www-form-urlencoded|multipart/form-data.*(boundary.*)?)$ [NC]
    RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
    RewriteRule .* - [F,NS,L]

    ### NO HOST - Denies requests that don't contain an HTTP Host header ###
    RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
    RewriteCond %{HTTP_HOST} ^$
    RewriteRule .* - [F,NS,L]

    ### Bogus Graphics Exploit - Denies obvious exploit using bogus graphics ###
    RewriteCond %{HTTP:Content-Disposition} \.php [NC]
    RewriteCond %{HTTP:Content-Type} image/.+ [NC]
    RewriteRule .* - [F,NS,L]

    ### This also will catch a lot of spammers ###
    RewriteCond %{HTTP:VIA} ^.+pinappleproxy [NC]
    RewriteRule .* - [F]


    ### Deny Fake Bots ###
    BrowserMatch "^Java/?[1-9_\.]*" bad_bot
    BrowserMatch "^MJ12bot/?[1-9_\.]*" bad_bot
    SetEnvIfNoCase User-Agent "^8484 Boston Project/?[1-9_\.]*" bad_bot
    SetEnvIfNoCase User-Agent "charlotte/" bad_bot
    SetEnvIfNoCase User-Agent "curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5" bad_bot
    SetEnvIfNoCase User-Agent "^Heritrix/" bad_bot
    SetEnvIfNoCase User-Agent "ia_archiver" bad_bot
    # The original set "bad-bot" (hyphen) here, a different variable from bad_bot, so larbin was never denied.
    SetEnvIfNoCase User-Agent "larbin/" bad_bot
    SetEnvIfNoCase User-Agent "libwww-perl" bad_bot
    SetEnvIfNoCase User-Agent "^libcurl-agent/" bad_bot
    SetEnvIfNoCase User-Agent "IRC-Bbot" bad_bot
    SetEnvifNoCase User-Agent "ISC Systems iRc Search 2.1" bad_bot
    SetEnvIfNoCase User-Agent "^Jakarta\ Commons-HttpClient/" bad_bot
    SetEnvIfNoCase User-Agent "^Java/" bad_bot
    SetEnvIfNoCase User-Agent "^Microsoft\ URL\ Control.*$" bad_bot
    SetEnvIfNoCase User-Agent "^MJ12bot/" bad_bot
    SetEnvIfNoCase User-Agent "MJ12bot/v1.0.8" bad_bot
    SetEnvIfNoCase User-Agent "^Missigua Locator" bad_bot
    SetEnvIfNoCase User-Agent "^Mozilla/4\.0\ .*Win\ 9x\ 4\.90.*$" bad_bot
    SetEnvIfNoCase User-Agent "Nutch" bad_bot
    SetEnvIfNoCase User-Agent "^PEAR HTTP_Request class" bad_bot
    SetEnvIfNoCase User-Agent "phpversion" bad_bot
    SetEnvIfNoCase User-Agent "^psycheclone" bad_bot
    SetEnvIfNoCase User-Agent "^TencentTraveler" bad_bot
    SetEnvIfNoCase User-Agent "^Web Downloader" bad_bot
    SetEnvIfNoCase User-Agent "^Wells Search II" bad_bot
    SetEnvIfNoCase User-Agent "^WEP Search 00" bad_bot
    <Limit GET POST>
    Order Allow,Deny
    Allow from all
    Deny from env=bad_bot
    </Limit>

    # Known Bad Bots
    # The original was one very long line that the forum had wrapped, inserting spaces inside
    # names; it is restored here and split into OR-ed conditions for readability.
    # Bare words such as Link, email, Ping, Proxy and Website also match legitimate agents.
    RewriteCond %{HTTP_USER_AGENT} ADSARobot|ah-ha|almaden|aktuelles|Anarchie|amzn_assoc|Arachmo|ASPSeek|ASSORT|ATHENS|Atomz|attach|attache|autoemailspider|BackWeb|Bandit|BatchFTP|bdfetch|Bbot|BecomeBot|big.brother|Bitacle|BlackWidow|bmclient|boitho.com-dc|Boston\ Project|bot/1.0|BravoBrian\ SpiderEngine\ MarcoPolo|Bot\ mailto:craftbot@yahoo.com|Buddy|Bullseye|bumblebee|capture|CherryPicker|ChinaClaw|CICC|clipping|Clushbot|Collector|Copier|Crescent|Crescent\ Internet\ ToolPak|Custo|cyberalert|Deweb|diagem|Digger|Digimarc|DIIbot|DISCo|DISCo\ Pump|DISCoFinder|Download\ Demon|Download\ Wonder|Downloader|Drip|DSurf15a|DTS.Agent|EasyDL|eCatch|ecollector|efp@gmx\.net|Email\ Extractor|EirGrabber|email|EmailCollector|EmailSiphon|EmailWolf|Express\ WebPictures|ExtractorPro|EyeNetIE|FavOrg|fastlwspider|Favorites\ Sweeper|Fetch|FEZhead|FileHound|FlashGet\ WebWasher|FlickBot|fluffy|FrontPage|GalaxyBot|Generic|Getleft|GetRight|GetSmart|GetWeb!|GetWebPage|gigabaz|Girafabot|Go\!Zilla|Go!Zilla|Go-Ahead-Got-It|GornKer|gotit|Grabber|GrabNet|Grafula|Green\ Research|grub-client [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Harvest|heritrix|hhjhj@yahoo|hloader|HMView|HomePageSearch|http\ generic|HTTrack|httpdown|httrack|ia_archiver|IBM_Planetwide|Image\ Stripper|Image\ Sucker|imagefetch|IncyWincy|Indy*Library|Indy\ Library|informant|Ingelin|InterGET|Internet\ Ninja|InternetLinkagent|Internet\ Ninja|InternetSeer\.com|Iria|Irvine|JBH*agent|JetCar|JOC|JOC\ Web\ Spider|JustView|kalooga|KWebGet|Lachesis|larbin|Leacher|LeechFTP|LexiBot|lftp|likse|Link|Link*Sleuth|LINKS\ ARoMATIZED|LinkWalker|LWP|lwp-trivial|Mag-Net|Magnet|Mac\ Finder|Mag-Net|Mass\ Downloader|MCspider|MJ12bot/v1\.0\.8|Memo|Microsoft.URL|MIDown\ tool|Mirror|Missigua\ Locator|Mister\ PiX|MMMtoCrawl\/UrlDispatcherLLL|monit|^Mozilla$|Mozilla.*Indy|Mozilla.*NEWT|Mozilla*MSIECrawler|MS\ FrontPage*|MSFrontPage|MSIECrawler|MSProxy|MSR-ISRCCrawler|multithreaddb|my-heritrix-crawler|nationaldirectory|Navroad|NearSite|NetAnts|NetCarta|NetMechanic|netprospector|NetResearchServer|NetSpider|Net\ Vampire|NetZIP|NetZip\ Downloader|NetZippy|NEWT|NICErsPRO|Ninja|NPBot|NicheBot|noxtrumbot [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Octopus|Offline\ Explorer|Offline\ Navigator|OmniExplorer|OpaL|Openfind|OpenTextSiteCrawler|OrangeBot|PageGrabber|Papa\ Foto|PackRat|pavuk|pcBrowser|PersonaPilot|Ping|PingALink|Pingdom|Pockey|POE-Component-Client-HTTP|Powermarks|Proxy|psbot|PSurf|psycheclone|puf|Pump|PushSite|QRVA|RealDownload|Reaper|Recorder|ReGet|replacer|RepoMonkey|Robozilla|Rover|RPT-HTTPClient|Rsync|Scooter|SearchExpress|searchhippo|searchterms\.it|Second\ Street\ Research|Seeker|Shai|Siphon|sitecheck|sitecheck.internetseer.com|SiteSnagger|SlySearch|SmartDownload|snagger|Snake|SpaceBison|Spegla|SpiderBot|sproose|SqWorm|Stripper|Sucker|SuperBot|SuperHTTP|Surfbot|SurfWalker|Szukacz|tAkeOut|tarspider|Teleport\ Pro|Templeton|TencentTraveler|TrueRobot|TV33_Mercator|UIowaCrawler|UtilMind|URLSpiderPro|URL_Spider_Pro|Vacuum|vagabondo|vayala|visibilitygap|VoidEYE|vspider [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Web\ Downloader|w3mir|Web\ Data\ Extractor|Web\ Image\ Collector|Web\ Sucker|Wweb|WebAuto|WebBandit|web\.by\.mail|Webclipping|webcollage|webcollector|WebCopier|webcraft@bea|webdevil|webdownloader|Webdup|WebEMailExtrac|WebFetch|WebGo\ IS|WebHook|Webinator|WebLeacher|WEBMASTERS|WebMiner|WebMirror|webmole|WebReaper|WebSauger|Website|Website\ eXtractor|Website\ Quester|WebSnake|Webster|WebStripper|websucker|webvac|webwalk|webweasel|WebWhacker|WebZIP|Wget|Whacker|whizbang|WhosTalking|Widow|WinHTTP|WISEbot|WWWOFFLE|x-Tractor|^Xaldon\ WebSpider|WUMPUS|Xenu|XGET|Yeti|zermelo|Zeus.*Webster|Zeus [NC]
    RewriteRule ^.* - [F,L]

    # Bots starting with Web
    RewriteCond %{HTTP_USER_AGENT} ^web(zip|emaile|enhancer|fetch|go.?is|auto|bandit|clip|copier|master|reaper|sauger|site.?quester|whack) [NC,OR]

    # Anywhere in UA -- Greedy REGEX
    RewriteCond %{HTTP_USER_AGENT} ^.*(craftbot|download|extract|stripper|sucker|ninja|clshttp|webspider|leacher|collector|grabber|webpictures).*$ [NC]
    RewriteRule ^.* - [F,L]

    ### Stop browser prefetching ####
    # These only set environment variables; nothing in this file denies on proxy=yes
    # or no_access=yes, so by themselves they block nothing.
    SetEnvIfNoCase X-Forwarded-For .+ proxy=yes
    SetEnvIfNoCase X-moz prefetch no_access=yes

    Be aware that I am using some other plugins for the purposes I mentioned above. These rules are an addition to all those plugins' rules.
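Before turning request-level rules like the ones above on, it helps to replay them against an existing access log to see what they would have blocked. The block below is an added example of that dry run (my own code, not from the post or from AskApache): it parses Apache combined-format log lines and applies the two THE_REQUEST conditions plus a subset of the user-agent patterns as transcribed from the post; the log lines, the AcmeLinkChecker agent and the rule names are invented for the example.

```python
import re
from collections import Counter

# Apache "combined" log format. The request line is kept whole because the post's
# THE_REQUEST conditions are matched against exactly that string.
LOG_RX = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# THE_REQUEST rules transcribed from the post ([NC] = case-insensitive).
FAKE_COMMENT_POST_RX = re.compile(r"^[A-Z]{3,9} /.*/wp-comments-post\.php.* HTTP/", re.I)
GOOD_PROTOCOL_RX = re.compile(r"^[A-Z]{3,9} .+ HTTP/(0\.9|1\.0|1\.1)", re.I)

# A subset of the SetEnvIfNoCase/BrowserMatch user-agent patterns, as written in the post.
BAD_BOT_PATTERNS = [r"^Java/?[1-9_\.]*", r"^MJ12bot/?[1-9_\.]*", r"libwww-perl",
                    r"^libcurl-agent/", r"Nutch", r"ia_archiver"]
_BAD_BOT_RX = [(src, re.compile(src, re.I)) for src in BAD_BOT_PATTERNS]

# A few alternatives from the long "Known Bad Bots" RewriteCond; the bare words are the
# ones that also match agents their author did not have in mind.
KNOWN_BAD_BOTS_RX = re.compile(r"Bandit|BlackWidow|email|HTTrack|Link|Ping|Proxy|Website|Wget", re.I)


def classify(line):
    """Return the names of the post's rules that would have rejected this logged request."""
    m = LOG_RX.match(line)
    if not m:
        return ["unparsed"]
    request, ua = m.group("request"), m.group("ua")
    hits = []
    if FAKE_COMMENT_POST_RX.search(request):   # any method, and only sub-directory paths
        hits.append("fake_comment_post")
    if not GOOD_PROTOCOL_RX.search(request):   # HTTP/2 requests are logged as HTTP/2.0
        hits.append("bad_protocol")
    for src, rx in _BAD_BOT_RX:
        if rx.search(ua):
            hits.append("bad_bot:" + src)
    kb = KNOWN_BAD_BOTS_RX.search(ua)
    if kb:
        hits.append("known_bad_bots:" + kb.group(0))
    return hits


def audit(lines):
    """Count, per rule, how many logged requests it would have blocked."""
    counts = Counter()
    for line in lines:
        counts.update(classify(line))
    return counts


# Constructed log lines (not from any real server); AcmeLinkChecker is an invented agent.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2019:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.6 - - [10/Oct/2019:13:56:01 +0000] "POST /blog/wp-comments-post.php HTTP/1.0" 200 312 "-" "Java/1.6.0_07"',
    '198.51.100.9 - - [10/Oct/2019:13:57:44 +0000] "GET /about/ HTTP/1.1" 200 4210 "-" "Mozilla/5.0 (compatible; AcmeLinkChecker/2.0)"',
    '198.51.100.10 - - [10/Oct/2019:13:58:12 +0000] "GET / HTTP/2.0" 200 4096 "-" "Mozilla/5.0 (Windows NT 10.0)"',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line) or "allowed", "<-", LOG_RX.match(line).group("request"))
    print(dict(audit(SAMPLE_LOG)))
```

The third and fourth sample lines are the ones to watch: a harmless agent is caught by the bare word "Link", and a modern HTTP/2 client fails the 0.9/1.0/1.1 protocol check.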

  5. #5 Webnauts (WebProWorld MVP; joined Aug 2003; European Community; 8,925 posts)

    Re: Wordpress SEO & Security friendly .htaccess & Plugins

    I hope my thread will be useful for you too. And who knows? Maybe it becomes a sticky.

    Take care,

    John

  6. #6 Webnauts (WebProWorld MVP; joined Aug 2003; European Community; 8,925 posts)

    Re: Wordpress SEO & Security Friendly .htaccess & Plugins

    I just wanted to mention here that I created a part of the above .htaccess file myself, and some parts were taken from Perishable Press :: Digital Design and Dialogue ~ and AskApache - Crazy Advanced Web Development for server admins, wordpress bloggers, programmers, and hackers with topics and tools for Htaccess Rewrites, Linux and bash, PHP networking with cURL, SEO, some parts of which I edited (removing, modifying, adding stuff).

    I recommend visiting their sites, as they are definitely great resources.

    Good luck.

  7. #7 Orion (WebProWorld MVP; joined Sep 2003; Halton Hills, Ontario; 707 posts)

    Re: Wordpress SEO & Security Friendly .htaccess & Plugins

    WOW.. Awesome stuff!

    Once again, thank you Webnauts for making us the benefactors of your research! Course now we all have to work some of it backwards to figure it out lol..

    Thanks,
    Ron Boyd
    http://ronboyd.ca Follow me: @boydrw

  8. #8 Dinghus (Senior Member; joined Sep 2006; 359 posts)

    Re: Wordpress SEO & Security Friendly .htaccess & Plugins

    I don't use wordpress so out of curiosity, is this supposed to go on your own webserver or is it on a shared server or what?

  9. #9 Webnauts (WebProWorld MVP; joined Aug 2003; European Community; 8,925 posts)

    Re: Wordpress SEO & Security Friendly .htaccess & Plugins

    Quote Originally Posted by Dinghus:
    I don't use wordpress so out of curiosity, is this supposed to go on your own webserver or is it on a shared server or what?

    This can work if you are on an Apache hosting, and your provider allows you to edit the .htaccess file.

    I use these rules on my static web sites, though taking out the lines:

    ### Real wp-comments-post.php - Denies any POST attempt made to a non-existing wp-comments-post.php ###
    RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*/wp-comments-post\.php.*\ HTTP/ [NC]
    RewriteRule .* - [F,NS,L]

    ### HTTP PROTOCOL - Denies any badly formed HTTP PROTOCOL in the request, 0.9, 1.0, and 1.1 only ###
    RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ .+\ HTTP/(0\.9|1\.0|1\.1) [NC]
    RewriteRule .* - [F,NS,L]

    ### BAD Content Length - Denies any POST request that doesn't have a Content-Length header ###
    RewriteCond %{REQUEST_METHOD} =POST
    RewriteCond %{HTTP:Content-Length} ^$
    RewriteCond %{REQUEST_URI} !^/(wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
    RewriteRule .* - [F,NS,L]

    ### BAD Content Type - Denies any POST request with a content type other than application/x-www-form-urlencoded|multipart/form-data ###
    RewriteCond %{REQUEST_METHOD} =POST
    RewriteCond %{HTTP:Content-Type} !^(application/x-www-form-urlencoded|multipart/form-data.*(boundary.*)?)$ [NC]
    RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
    RewriteRule .* - [F,NS,L]

    ### NO HOST - Denies requests that don't contain an HTTP Host header ###
    RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
    RewriteCond %{HTTP_HOST} ^$
    RewriteRule .* - [F,NS,L]

    ### Bogus Graphics Exploit - Denies obvious exploit using bogus graphics ###
    RewriteCond %{HTTP:Content-Disposition} \.php [NC]
    RewriteCond %{HTTP:Content-Type} image/.+ [NC]
    RewriteRule .* - [F,NS,L]

    ### This also will catch a lot of spammers ###
    RewriteCond %{HTTP:VIA} ^.+pinappleproxy [NC]
    RewriteRule .* - [F]

    Attention! I cannot provide any guarantees that it will work in all cases. If you feel like trying it out on your own responsibility, go ahead.

  10. #10 williamc (WebProWorld MVP; joined Jul 2003; On a really big hill in Kentucky; 4,538 posts)

    Re: Wordpress SEO & Security Friendly .htaccess & Plugins

    John, was wordpressdemo.com your domain? If not which parts of the script did you actually create?

    Curious.
    William Cross
    Web Development by Those Damn Coders
    Firearm Friendly Websites because our constitution matters
