php htaccess性能wordpress速度缓存和安全性默认

Posted 2021-05-04

# Block User ID Phishing Requests
<IfModule mod_rewrite.c>
RewriteCond %{QUERY_STRING} ^author=([0-9]*)
RewriteRule .* http://dasendedesinternet.de/? [L,R=302]
</IfModule>

<IfModule mod_expires.c>
ExpiresActive on
ExpiresDefault                                      "access plus 1 month"

# CSS
ExpiresByType text/css                              "access plus 2 days"

# Data interchange
ExpiresByType application/atom+xml                  "access plus 1 hour"
ExpiresByType application/rdf+xml                   "access plus 1 hour"
ExpiresByType application/rss+xml                   "access plus 1 hour"

ExpiresByType application/json                      "access plus 0 seconds"
ExpiresByType application/ld+json                   "access plus 0 seconds"
ExpiresByType application/schema+json               "access plus 0 seconds"
ExpiresByType application/vnd.geo+json              "access plus 0 seconds"
ExpiresByType application/xml                       "access plus 0 seconds"
ExpiresByType text/xml                              "access plus 0 seconds"

# Favicon (cannot be renamed!) and cursor images
ExpiresByType image/vnd.microsoft.icon              "access plus 1 week"
ExpiresByType image/x-icon                          "access plus 1 week"

# HTML - Behält die Website eine Stunde im Cache, neues wird erst nach Ablauf einer Stunde
# angezeigt. Wenn nicht gewuenscht, bei 3600 eine Null eintragen
ExpiresByType text/html                             "access plus 3600 seconds"

# JavaScript
ExpiresByType application/javascript                "access plus 1 year"
ExpiresByType application/x-javascript              "access plus 1 year"
ExpiresByType text/javascript                       "access plus 1 year"

# Manifest files
ExpiresByType application/manifest+json             "access plus 1 week"
ExpiresByType application/x-web-app-manifest+json   "access plus 0 seconds"
ExpiresByType text/cache-manifest                   "access plus 0 seconds"

# Media files
ExpiresByType audio/ogg                             "access plus 1 month"
ExpiresByType image/bmp                             "access plus 1 month"
ExpiresByType image/gif                             "access plus 1 month"
ExpiresByType image/jpeg                            "access plus 1 month"
ExpiresByType image/png                             "access plus 1 month"
ExpiresByType image/svg+xml                         "access plus 1 month"
ExpiresByType image/webp                            "access plus 1 month"
ExpiresByType video/mp4                             "access plus 1 month"
ExpiresByType video/ogg                             "access plus 1 month"
ExpiresByType video/webm                            "access plus 1 month"

# Web fonts

# Embedded OpenType (EOT)
ExpiresByType application/vnd.ms-fontobject         "access plus 1 month"
ExpiresByType font/eot                              "access plus 1 month"

# OpenType
ExpiresByType font/opentype                         "access plus 1 month"

# TrueType
ExpiresByType application/x-font-ttf                "access plus 1 month"

# Web Open Font Format (WOFF) 1.0
ExpiresByType application/font-woff                 "access plus 1 month"
ExpiresByType application/x-font-woff               "access plus 1 month"
ExpiresByType font/woff                             "access plus 1 month"

# Web Open Font Format (WOFF) 2.0
ExpiresByType application/font-woff2                "access plus 1 month"

# Other
ExpiresByType text/x-cross-domain-policy            "access plus 1 week"
</IfModule>

<IfModule mod_deflate.c>
# Insert filters / compress text, html, javascript, css, xml:
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/vtt
AddOutputFilterByType DEFLATE text/x-component
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/js
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/x-httpd-php
AddOutputFilterByType DEFLATE application/x-httpd-fastphp
AddOutputFilterByType DEFLATE application/atom+xml
AddOutputFilterByType DEFLATE application/json
AddOutputFilterByType DEFLATE application/ld+json
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/font-woff2
AddOutputFilterByType DEFLATE application/x-font-woff
AddOutputFilterByType DEFLATE application/x-web-app-manifest+json font/woff
AddOutputFilterByType DEFLATE font/woff
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon

# Exception: Images
SetEnvIfNoCase REQUEST_URI \.(?:gif|jpg|jpeg|png|svg)$ no-gzip dont-vary

# Drop problematic browsers
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html

# Make sure proxies don't deliver the wrong content
Header append Vary User-Agent env=!dont-vary
</IfModule>

#Alternative caching using Apache's "mod_headers", if it's installed.
#Caching of common files - ENABLED
<IfModule mod_headers.c>
<FilesMatch "\.(ico|pdf|flv|swf|js|css|gif|png|jpg|jpeg|txt)$">
Header set Cache-Control "max-age=2592000, public"
</FilesMatch>
</IfModule>

<IfModule mod_headers.c>
<FilesMatch "\.(js|css|xml|gz)$">
Header append Vary Accept-Encoding
</FilesMatch>
</IfModule>

# Set Keep Alive Header
<IfModule mod_headers.c>
Header set Connection keep-alive
</IfModule>

# If your server don't support ETags deactivate with "None" (and remove header)
<IfModule mod_expires.c>
<IfModule mod_headers.c>
Header unset ETag
</IfModule>
FileETag None
</IfModule>

<IfModule mod_headers.c>
<FilesMatch ".(js|css|xml|gz|html|woff|woff2|ttf)$">
Header append Vary: Accept-Encoding
</FilesMatch>
</IfModule>

# Beispiel-Codeschnipsel für die WordPress-htaccess-Datei
# https://www.wp-sicherheit.info
# Marc Nilius, info@wp-sicherheit.info

# Mit Material von Zodiac1978, siehe auch https://gist.github.com/Zodiac1978/d25a8f3aebba7cd1c01c

#
# Diese Codeschnipsel gehören in die .htaccess-Datei im Hauptverzeichnis von WordPress
# Jeder einzelne Bestandteil kann einzeln kopiert und genutzt werden.
# Bitte die Verwendungshinweise (Kommentare) an jedem Schnipsel beachten
#

# Full Path Disclosure (FPD) verhindern
# mod_php7.c zu mod_php5.c für PHP < 7

<IfModule mod_php7.c>
php_flag display_errors Off
</IfModule>

# Verzeichnislisting verhindern
# Options All -Indexes

# Allgemein Zugriff auf temporäre Dateien o.ä. und sonstige generell nicht sinnvolle Dateien verhinden
<FilesMatch "(\.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist|txt)|~)$">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>

# Zugriff auf die robots.txt wieder erlauben
# (ist über die obige Regel automatisch mit ausgeschlossen worden)
<Files robots.txt>
Order allow,deny
Allow from all
</Files>

# Zugriff auf htaccess und htpasswd verhindern
<Files ~ "^[\._]ht">
Order Allow,Deny
Deny from all
Satisfy All
</Files>

# Zugriff auf diverse WordPress-Dateien verhindern
<FilesMatch "(wp-config.php|wp-config-sample.php|liesmich.html|readme.html)">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>

# Zugriff auf die install.php verhindern
# auskommentieren, um die Installation von Wordpress auszuführen
<Files install.php>
Order allow,deny
Deny from all
Satisfy All
</Files>

# Zugriff auf die XML-RPC-Schnittstelle verhindern
# Diesen Teil nur aktivieren/nutzen, wenn die XML-RPC-Schnittstelle nicht benötigt wird.
<Files xmlrpc.php>
Order Allow,Deny
Deny from all
</Files>

# Includes-Dateien ausschließen
# Auchtung bei Benutzung in Multisite-Umgebungen!
# See: http://codex.wordpress.org/Hardening_WordPress#Securing_wp-admin
<IfModule mod_rewrite.c>
RewriteEngine On
# RewriteBase muss ggf. angepasst werden, je nach Serverkonfiguration
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteCond %{SCRIPT_FILENAME} !^(.*)wp-includes/ms-files.php
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

# Header mit Versionsinfos deaktivieren
<IfModule mod_headers.c>
Header unset X-Powered-By
Header unset X-Pingback
Header unset SERVER
</IfModule>

# PHP im Uploads-Verzeiochnis verhindern
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^(wp-content/uploads/.+.php)$ $1 [H=text/plain]
</IfModule>