Offirmo/base-wordpress/master/backupbuddy_backup/.htaccess - Htaccess File

Offirmo/base-wordpress/master/backupbuddy_backup/.htaccess

# BEGIN iThemes Security - Do not modify or remove this line
# iThemes Security Config Details: 2
  # Enable the hide backend feature - Security > Settings > Hide Login Area > Hide Backend
  RewriteRule ^(/)?connexion/?$ /wp-login.php [QSA,L]

  # Protect System Files - Security > Settings > System Tweaks > System Files
  <files .htaccess>
    <IfModule mod_authz_core.c>
      Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
      Order allow,deny
      Deny from all
    </IfModule>
  </files>
  <files readme.html>
    <IfModule mod_authz_core.c>
      Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
      Order allow,deny
      Deny from all
    </IfModule>
  </files>
  <files readme.txt>
    <IfModule mod_authz_core.c>
      Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
      Order allow,deny
      Deny from all
    </IfModule>
  </files>
  <files install.php>
    <IfModule mod_authz_core.c>
      Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
      Order allow,deny
      Deny from all
    </IfModule>
  </files>
  <files wp-config.php>
    <IfModule mod_authz_core.c>
      Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
      Order allow,deny
      Deny from all
    </IfModule>
  </files>

  # Disable Directory Browsing - Security > Settings > System Tweaks > Directory Browsing
  Options -Indexes

  <IfModule mod_rewrite.c>
    RewriteEngine On

    # Protect System Files - Security > Settings > System Tweaks > System Files
    RewriteRule ^wp-admin/includes/ - [F]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteCond %{SCRIPT_FILENAME} !^(.*)wp-includes/ms-files.php
    RewriteRule ^wp-includes/[^/]+.php$ - [F]
    RewriteRule ^wp-includes/js/tinymce/langs/.+.php - [F]
    RewriteRule ^wp-includes/theme-compat/ - [F]

    # Disable PHP in Uploads - Security > Settings > System Tweaks > Uploads
    RewriteRule ^wp-content/uploads/.*.(?:php[1-6]?|pht|phtml?)$ - [NC,F]

    # Filter Request Methods - Security > Settings > System Tweaks > Request Methods
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
    RewriteRule ^.* - [F]

    # Filter Suspicious Query Strings in the URL - Security > Settings > System Tweaks > Suspicious Query Strings
    RewriteCond %{QUERY_STRING} ../ [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*.(bash|git|hg|log|svn|swp|cvs) [NC,OR]
    RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
    RewriteCond %{QUERY_STRING} boot.ini [NC,OR]
    RewriteCond %{QUERY_STRING} ftp:  [NC,OR]
    RewriteCond %{QUERY_STRING} http:  [NC,OR]
    RewriteCond %{QUERY_STRING} https:  [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*(.*) [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(127.0).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(request|concat|insert|union|declare).* [NC]
    RewriteCond %{QUERY_STRING} !^loggedout=true
    RewriteCond %{QUERY_STRING} !^action=jetpack-sso
    RewriteCond %{QUERY_STRING} !^action=rp
    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
    RewriteCond %{HTTP_REFERER} !^http://maps.googleapis.com(.*)$
    RewriteRule ^.* - [F]

    # Reduce Comment Spam - Security > Settings > System Tweaks > Comment Spam
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} /wp-comments-post.php$
    RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
    RewriteCond %{HTTP_REFERER} !^https?://(([^/]+.)?88.88|jetpack.wordpress.com/jetpack-comment)(/|$) [NC]
    RewriteRule ^.* - [F]
  </IfModule>
# END iThemes Security - Do not modify or remove this line

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

On Github License

Files

Download PDF of Htaccess file
HTTP_COOKIE, HTTP_REFERER, HTTP_USER_AGENT, POST, QUERY_STRING, REQUEST_FILENAME, REQUEST_METHOD, REQUEST_URI, SCRIPT_FILENAME

Comments

Apache