- # Warning: always back up your .htaccess file before making changes, and test the result thoroughly - a single bad directive here makes the whole site return 500.
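- RewriteEngine on
- RewriteBase /
- # Force https.
- # Behind a TLS-terminating proxy/CDN Apache sees HTTPS=off on every request, so
- # a bare %{HTTPS} check loops forever; the X-Forwarded-Proto condition (ANDed
- # with the first) skips the redirect when the upstream already spoke TLS. A
- # client talking to Apache directly can spoof that header, but the only effect
- # is that it skips its own upgrade - it cannot downgrade anyone else.
- RewriteCond %{HTTPS} off
- RewriteCond %{HTTP:X-Forwarded-Proto} !https
- RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
- # Force www to non-www with a 301 permanent redirect - works on any domain.
- # NOTE(review): %{HTTP_HOST} is client-supplied; unless the vhost restricts the
- # accepted Host values, the redirect target reflects whatever Host header the
- # client sent.
- RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
- RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
- # Redirect /index.php or /index.html to / (avoid duplicate content).
- # Match only what the client literally requested (%{THE_REQUEST}): the
- # front-controller rule further down rewrites pretty permalinks to index.php,
- # and the per-directory engine then re-runs this file on the new URI, so a
- # plain ^(.*)index\.php$ pattern would 301 every permalink back to / (loop).
- # The query string is re-appended automatically because the target has no "?".
- RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /+([^?\ ]*)index\.(php|html?)[\ ?] [NC]
- RewriteRule ^ /%1 [R=301,L]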
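- # Block directory browsing (listing of folders without an index file).
- # Use the relative form only: Apache rejects a line that mixes an absolute
- # option ("All") with +/- ones, and "All" would also switch on ExecCGI,
- # Includes and FollowSymLinks here - the opposite of hardening.
- # Requires AllowOverride Options (or Options=Indexes) on the host.
- Options -Indexes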
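- # Answer probes for sensitive paths with a 404 rather than a 403, so a scanner
- # cannot tell a hidden resource from a missing one. /\.git also covers
- # .gitignore and .github/; .svn, .hg and .env are hidden for the same reason
- # (repository metadata and dotenv files leak source and credentials).
- RedirectMatch 404 /\.(git|svn|hg|env)
- # cPanel's "account suspended" page and the CGI directory are not used here.
- Redirect 404 /cgi-sys/suspendedpage.cgi
- Redirect 404 /cgi-bin/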
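- # Block xmlrpc.php (credential brute-forcing via system.multicall and pingback
- # amplification). NOTE(review): anything that talks to the site over XML-RPC,
- # such as Jetpack or the mobile apps, stops working with this in place.
- <Files xmlrpc.php>
-   # Apache >= 2.4 (mod_authz_core)
-   <IfModule mod_authz_core.c>
-     Require all denied
-   </IfModule>
-   # Apache < 2.4. The original "order deny, allow" (with a space) is a syntax
-   # error - Order takes one comma-separated argument - and made the whole
-   # site return 500.
-   <IfModule !mod_authz_core.c>
-     Order Deny,Allow
-     Deny from all
-   </IfModule>
- </Files>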
- # Otherwise hand the request to index.php (WordPress front controller) when it
- # names neither an existing file nor an existing directory.
- # Deliberately no [L] flag: the wp-includes and 6G rewrite rules further down
- # run in this same pass against the rewritten URI; stopping here would skip
- # them for every pretty-permalink request. The rewrite also triggers an
- # internal redirect, so this file is evaluated a second time with the URI
- # "index.php" - any redirect rule above that can match index.php must guard
- # against that (e.g. by testing %{THE_REQUEST}) or it loops.
- RewriteCond %{REQUEST_FILENAME} !-f
- RewriteCond %{REQUEST_FILENAME} !-d
- RewriteRule . index.php
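- # Deny reads of .htaccess/.htpasswd (any filename containing ".hta"), so the
- # rules themselves and any password hashes are never served. The stock
- # httpd.conf already denies ".ht*"; this is belt-and-braces for hosts that
- # dropped it. FilesMatch replaces the legacy "<files ~ regex>" spelling and
- # the access-control syntax is chosen per Apache version, matching the 6G
- # blocks below, instead of relying on mod_access_compat being loaded.
- <FilesMatch "^.*\.([Hh][Tt][Aa])">
-   <IfModule mod_authz_core.c>
-     Require all denied
-   </IfModule>
-   <IfModule !mod_authz_core.c>
-     Order Allow,Deny
-     Deny from all
-     Satisfy all
-   </IfModule>
- </FilesMatch>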
- # Cap every request body (media uploads, form POSTs, REST calls) at 1240000
- # bytes, roughly 1.2 MB; Apache answers larger bodies with 413.
- # NOTE(review): this also limits uploads through wp-admin, so raise it if
- # editors need larger files - it is not an upload-only setting.
- LimitRequestBody 1240000
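- # Prohibit direct requests for PHP files under wp-includes/ and for
- # wp-admin/includes/: these are library files that are only ever loaded by
- # WordPress itself, never meant to be hit from a browser. The unguarded copy
- # of the wp-admin/includes rule that used to sit outside the IfModule was
- # redundant (identical to the one inside) and has been dropped.
- # NOTE(review): assumes a single-site install; multisite needs
- # wp-includes/ms-files.php reachable, in which case the "[^/]+\.php$" rule
- # must be removed or that file exempted - TODO confirm.
- <IfModule mod_rewrite.c>
-   RewriteEngine On
-   RewriteBase /
-   RewriteRule ^wp-admin/includes/ - [F,L]
-   # Skip the next three rules for any path outside wp-includes/.
-   RewriteRule !^wp-includes/ - [S=3]
-   RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
-   RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
-   RewriteRule ^wp-includes/theme-compat/ - [F,L]
- </IfModule>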
- # 6G FIREWALL/BLACKLIST
- # @ https://perishablepress.com/6g/
- # 6G:[QUERY STRING]
- # Return 403 when the query string matches any of the patterns below.
- # %{QUERY_STRING} is the raw, un-decoded string: only the <script> rule also
- # checks the %3C-encoded form, so most of these are bypassed by URL-encoding.
- # Treat this as noise reduction, not a WAF.
- <IfModule mod_rewrite.c>
- RewriteEngine On
- # eval( in a query value
- RewriteCond %{QUERY_STRING} (eval\() [NC,OR]
- # literal loopback address (SSRF-style probes); also blocks legitimate values
- # that happen to contain 127.0.0.1
- RewriteCond %{QUERY_STRING} (127\.0\.0\.1) [NC,OR]
- # absurdly long alphanumeric runs (payload padding)
- RewriteCond %{QUERY_STRING} ([a-z0-9]{2000,}) [NC,OR]
- # javascript: ... ; (inline script URIs)
- RewriteCond %{QUERY_STRING} (javascript:)(.*)(;) [NC,OR]
- # base64_encode( (PHP injection)
- RewriteCond %{QUERY_STRING} (base64_encode)(.*)(\() [NC,OR]
- # GLOBALS= / GLOBALS[ / REQUEST= / REQUEST[ (superglobal overwrite)
- RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[) [NC,OR]
- # <script ...> in raw or %3C-encoded form
- RewriteCond %{QUERY_STRING} (<|%3C)(.*)script(.*)(>|%3) [NC,OR]
- # traversal and shell metacharacters - literal (un-encoded) forms only
- RewriteCond %{QUERY_STRING} (\\|\.\.\.|\.\./|~|`|<|>|\|) [NC,OR]
- # well-known local-file-inclusion targets
- RewriteCond %{QUERY_STRING} (boot\.ini|etc/passwd|self/environ) [NC,OR]
- # timthumb-family scripts named in a query value
- RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumb)?)\.php [NC,OR]
- # a quote followed later by an SQL keyword. NOTE(review): false-positive
- # prone - a search term with an apostrophe plus "select"/"insert" is 403'd.
- RewriteCond %{QUERY_STRING} (\'|\")(.*)(drop|insert|md5|select|union) [NC]
- RewriteRule .* - [F]
- </IfModule>
- # 6G:[REQUEST METHOD]
- # Reject uncommon/dangerous methods outright: CONNECT, the Microsoft DEBUG
- # verb, WebDAV MOVE, PUT, and TRACE/TRACK (cross-site tracing). The pattern is
- # anchored at the start only, so any method beginning with these words is hit.
- # NOTE(review): PUT is a legitimate REST verb; any client using it against
- # /wp-json gets a 403 here.
- <IfModule mod_rewrite.c>
- RewriteCond %{REQUEST_METHOD} ^(connect|debug|move|put|trace|track) [NC]
- RewriteRule .* - [F]
- </IfModule>
- # 6G:[REFERRER]
- # 403 requests whose Referer header is absurdly long or names a known
- # referrer-spam domain. Referer is client-supplied and trivially omitted, so
- # this only stops lazy bots; requests with no Referer never match.
- <IfModule mod_rewrite.c>
- RewriteCond %{HTTP_REFERER} ([a-z0-9]{2000,}) [NC,OR]
- RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC]
- RewriteRule .* - [F]
- </IfModule>
- # 6G:[USER AGENT]
- # Tag requests from scanners/scrapers as bad_bot by case-insensitive substring
- # match on User-Agent, then deny them using the access-control syntax that
- # matches the running Apache version.
- # NOTE(review): the list contains generic tokens ("python", "pycurl",
- # "winhttp", "loader", "miner", "archive.org"), so legitimate scripts and the
- # Internet Archive crawler are blocked as well; a UA string is trivial to
- # change, so this is noise reduction rather than protection.
- <IfModule mod_setenvif.c>
- SetEnvIfNoCase User-Agent ([a-z0-9]{2000,}) bad_bot
- SetEnvIfNoCase User-Agent (archive.org|binlar|casper|checkpriv|choppy|clshttp|cmsworld|diavol|dotbot|extract|feedfinder|flicky|g00g1e|harvest|heritrix|httrack|kmccrew|loader|miner|nikto|nutch|planetwork|postrank|purebot|pycurl|python|seekerspider|siclab|skygrid|sqlmap|sucker|turnit|vikspider|winhttp|xxxyy|youda|zmeu|zune) bad_bot
- # Apache < 2.3: with Order Allow,Deny a matching Deny wins over "Allow from
- # all", so bad_bot requests get 403.
- <IfModule !mod_authz_core.c>
- Order Allow,Deny
- Allow from all
- Deny from env=bad_bot
- </IfModule>
- # Apache >= 2.3: everyone is granted except requests carrying bad_bot. The
- # documented spelling is lowercase "granted"; this capitalisation is accepted.
- <IfModule mod_authz_core.c>
- <RequireAll>
- Require all Granted
- Require not env bad_bot
- </RequireAll>
- </IfModule>
- </IfModule>
- # 6G:[REQUEST STRING]
- # mod_alias patterns match the %-decoded URL path only - not the query
- # string, which the rewrite block above covers. Each hit returns a bare 403.
- <IfModule mod_alias.c>
- # absurdly long alphanumeric runs in the path
- RedirectMatch 403 (?i)([a-z0-9]{2000,})
- # a URL scheme inside the path (remote-include style probes)
- RedirectMatch 403 (?i)(https?|ftp|php):/
- # base64_encode( in the path
- RedirectMatch 403 (?i)(base64_encode)(.*)(\()
- # format-string / odd-token probes: {0}, (/(, ..., +++, \"\"
- RedirectMatch 403 (?i)(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")
- # left commented out (presumably too many false positives on ordinary paths)
- ###RedirectMatch 403 (?i)/(\$(\&)?|\*|\"|\.|,|&|&?)/?$
- # quote-injection shapes: =\' =\%27 /\'/ followed by a dot
- RedirectMatch 403 (?i)(=\\\'|=\\%27|/\\\'/?)\.
- # NOTE(review): rejects ~ ` < > : ; , % \ { } [ ] | anywhere in the path, so
- # a slug containing a comma, or any ;param-style path segment, gets a 403.
- RedirectMatch 403 (?i)(~|`|<|>|:|;|,|%|\\|\{|\}|\[|\]|\|)
- # path segments starting with = or $&, and _mm / cgi- / muieblack prefixes
- RedirectMatch 403 (?i)/(=|\$&|_mm|cgi-|muieblack)
- # FrontPage (_vti_), (null), template-variable and LFI/eval probe strings
- RedirectMatch 403 (?i)(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)
- # deny by extension: backups, dumps, config, VCS metadata, logs, binaries.
- # Note "bak?" matches both .ba and .bak.
- RedirectMatch 403 (?i)\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf)$
- # well-known attack targets and config/phpinfo/shell scripts by name. The
- # "^$" alternative inside the group can never match here and is harmless.
- RedirectMatch 403 (?i)/(^$|(wp-)?config|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php
- </IfModule>