apache_conf WordPress的安全性

Posted 2021-05-23

tags:

篇首语：本文由小常识网(cha138.com)小编为大家整理，主要介绍了apache_conf WordPress的安全性相关的知识，希望对你有一定的参考价值。

## Start Security ##

<Files wp-config.php>
  order allow,deny
  deny from all
</Files>

<Files wp-login.php>
  AuthType Basic
  AuthName "IP not in whitelist, please login"
  AuthUserFile "/home/heere/domains/heere.biz/.htpasswd/.htpasswd"
  Require valid-user
  ErrorDocument 401 "Authorisation Required"
  order deny,allow
  deny from all
  allow from 87.213.97.46 localhost 127.0.0.1
  Satisfy any
</Files>

# Block the include-only files.
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteBase /
  RewriteRule ^wp-admin/includes/ - [F,L]
  RewriteRule !^wp-includes/ - [S=3]
  RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
  RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
  RewriteRule ^wp-includes/theme-compat/ - [F,L]

  # Block enumerating users
  RewriteCond %{REQUEST_URI} !^/wp/wp-admin [NC]
  RewriteCond %{QUERY_STRING} ^author=\d+ [NC,OR]
  RewriteCond %{QUERY_STRING} ^author=\{num 
  RewriteRule ^ - [L,R=403]
</IfModule>

# protect xmlrpc
<Files xmlrpc.php>
  Order Deny,Allow
  Deny from all
</Files>

## End Security ##

以上是关于apache_conf WordPress的安全性的主要内容，如果未能解决你的问题，请参考以下文章

apache_conf Wordpress快速减少垃圾和安全性......

apache_conf .htaccess为WordPress考虑安全性

apache_conf WordPress安全

apache_conf 使用这些.htaccess添加更安全的WordPress