apache_conf 提高WordPress的安全性

Posted 2021-05-23

# Enable .htpasswd authentication
# <If "%{HTTP_HOST} != 'dev'">
# AuthType Basic
# AuthName "Login to dashboard"
# AuthUserFile /path/to/.htpasswd
# Require valid-user
# </If>

# Deny access to all .htaccess files
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>

# Deny access to wp-config.php file
<files wp-config.php>
order allow,deny
deny from all
</files>

# Disable directory browsing
Options ALL -Indexes

# Disable access to all file types except the following
Order deny,allow
Deny from all
<Files ~ ".(xml|css|js|jpe?g|png|gif|pdf|docx|rtf|odf|zip|rar)$">
Allow from all
</Files>

# Block wp-includes folder and files
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

# Prevent image hotlinking script. Replace last URL with any image link you want.
# <IfModule mod_rewrite.c>
# RewriteEngine on
# RewriteCond %{HTTP_REFERER} !^$
# RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourwebsite.com [NC]
# RewriteRule \.(jpg|jpeg|png|gif)$ http://i.imgur.com/MlQAH71.jpg [NC,R,L]
# </IfModule>

# Setup browser caching
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 2 days"
</IfModule>

# Restrict PHP file execution
# <Directory "/var/www/wp-content/uploads/">
# <Files "*.php">
# Order Deny,Allow
# Deny from All
# </Files>
# </Directory>

# Protect site against script injections
Options +FollowSymLinks
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
</IfModule>

# Prevent username execution
RewriteCond %{QUERY_STRING} author=d
RewriteRule ^ /? [L,R=301]

# Require SSL
# SSLOptions +StrictRequire
# SSLRequireSSL
# SSLRequire %{HTTP_HOST} eq "www.you-site.com"
# ErrorDocument 403 https://www.your-site.com