A .htaccess file can be used for many tweaks that secure WordPress blogs and websites and improve their functionality. The following are the main .htaccess snippets for hardening WordPress sites against attackers. Some block specific IP addresses from visiting the site, some redirect visitors to a maintenance page while the site is being redesigned or modified, and some prevent IP addresses from logging in to the WordPress admin section.
Blacklist undesired users' and bots' IP addresses
    # Online PHP Examples with Source Code website: http://4evertutorials.blogspot.com/
    # The addresses below are placeholders; replace them with the addresses to block.
    order allow,deny
    allow from all
    deny from 132.151.389
    deny from 91.131.784
    deny from 773.966.769
    deny from 178.406.880
Redirect visitors to a maintenance page
    RewriteEngine on
    # Leave the maintenance page itself reachable so the redirect does not loop
    RewriteCond %{REQUEST_URI} !/maintenance\.php$
    # Let this one address (your own) through; the dots are escaped so they match literally
    RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$
    RewriteRule $ /maintenance.php [R=302,L]
Redirect www to non www or vice versa
    # Use only one of the two options below; enabling both causes a redirect loop.

    # Option 1: redirect www to non-www
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTP_HOST} ^www\.yourblogpath\.com$ [NC]
    RewriteRule ^(.*)$ http://yourblogpath.com/$1 [L,R=301]

    # Option 2: redirect non-www to www
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTP_HOST} ^yourblogpath\.com$ [NC]
    RewriteRule ^(.*)$ http://www.yourblogpath.com/$1 [L,R=301]
Force Caching with htaccess
The following htaccess code won’t help the initial pageload, but it will significantly help subsequent pageloads by sending 304 statuses when requested elements haven’t been modified.
    FileETag MTime Size
    ExpiresActive on
    # Replace x with the cache lifetime in seconds
    ExpiresDefault "access plus x seconds"
Allow only your IP address on the wp-admin directory
Replace xx.xx.xx.xx in the allow from line with your own IP address; only that address will then be able to access the wp-admin directory.
    # Place this in the .htaccess file inside the wp-admin directory
    AuthUserFile /dev/null
    AuthGroupFile /dev/null
    AuthName "Wordpress Admin Access Control"
    AuthType Basic
    order deny,allow
    deny from all
    allow from xx.xx.xx.xx
The easiest way to ban a WordPress spammer
To block a certain IP address from accessing your blog, enter the following code into the .htaccess file and replace the example IP address with the one you want to ban.
    ## USER IP BANNING
    order allow,deny
    # Placeholder address; replace it with the address to ban
    deny from 670.45.145.125
    allow from all
Deny access to your wp-config.php file
    # protect wp-config.php
    # The <Files> section limits the deny rule to this one file
    <Files wp-config.php>
    order allow,deny
    deny from all
    </Files>
Limit the File upload size to 10MB
    # limit file uploads to 10mb
    LimitRequestBody 10240000
Password protected directories
A simple way to password protect blog directories
    AuthType Basic
    AuthName "restricted area"
    AuthUserFile /usr/local/var/www/html/.htpasses
    require valid-user
Quickly secure plugin files
WordPress plugin files might contain a loophole that lets attackers get into your website. To prevent direct access to plugin files, use the following code.
    # On their own, these two directives allow all requests
    order allow,deny
    allow from all
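The access-control snippets above use the Apache 2.2 order/allow/deny directives, which Apache 2.4 only supports through mod_access_compat. The blacklist, wp-config.php and wp-admin rules in Apache 2.4 Require syntax, as an added example that is not from the original page; all addresses are constructed documentation placeholders:

```apache
# --- site root .htaccess: block listed addresses, allow everyone else ---
# 192.0.2.15 and 198.51.100.0/24 are constructed documentation addresses.
<RequireAll>
    Require all granted
    Require not ip 192.0.2.15
    Require not ip 198.51.100.0/24
</RequireAll>

# --- site root .htaccess: nobody may request wp-config.php ---
<Files "wp-config.php">
    Require all denied
</Files>

# --- wp-admin/.htaccess: only one address may reach the admin area ---
# Applies to every HTTP method. Replace 203.0.113.7 (constructed) with your own address.
Require ip 203.0.113.7
```

Require is only honoured in .htaccess files when the server configuration sets AllowOverride AuthConfig (or All) for the directory. Avoid mixing these directives with order/allow/deny in the same scope.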