For Those Asking For A Better .htaccess Script

I do quite a bit of hacking for folks whom want their Sites a little bit more secure. Nothing, though, is completely secure which is why the Term Back Up ought be chiseled upon one’s brain. Anyway, one of our Donors asked what .htaccess set up would be good and the below is what I hammered out. It is pretty basic and does not include the .htaccess for the /wp-content folder which I will write upon later. With that said, simply replace the “www.mysite.com” with your actual web address. If you do not use www like me, simply drop that part.

# protect the htaccess file
<files .htaccess>
order allow,deny
deny from all
</files>

# disable the server signature
ServerSignature Off

# limit file uploads to 10mb
LimitRequestBody 10240000

# protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all
</files>

#who has access who doesnt
order allow,deny
#deny from 000.000.000.000
allow from all

#custom error docs
ErrorDocument 404 /notfound.php
ErrorDocument 403 /forbidden.php
ErrorDocument 500 /error.php

# disable directory browsing
Options All -Indexes

#redirect old to new
Redirect 301 /old.php http://www.mysite.com/new.php

#block referring domains
RewriteEngine on
RewriteCond %{HTTP_REFERER} digg\.com [NC]
RewriteRule .* – [F]

#disable hotlinking of images with forbidden or custom image option
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?www.mysite.com/.*$ [NC]
#RewriteRule \.(gif|jpg)$ – [F]
#RewriteRule \.(gif|jpg)$ http://www.www.mysite.com/stealingisbad.gif [R,L]

# php compression – use with caution
<ifmodule mod_php4.c>
php_value zlib.output_compression 16386
</ifmodule>

# set the canonical url
RewriteEngine On
RewriteCond %{HTTP_HOST} ^mysite\.com$ [NC]
RewriteRule ^(.*)$ http://www.mysite.com/$1 [R=301,L]

# protect from spam comments
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*mysite.com.* [OR]
RewriteCond %{HTTP_– USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]

 

If you are getting ready to put a website together and need a Consultant, why not drop a line to me today!

Search

Click To Advertise

Click To Apply

Credible Application

You must be logged in to post a comment Login