apache_conf .htaccess为WordPress考虑安全性

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了apache_conf .htaccess为WordPress考虑安全性相关的知识,希望对你有一定的参考价值。

# Make sure these directives are either above the "BEGIN WordPress"
# line or below the "END WordPress" line. Also, make sure you test
# your site if you use any of the suggestions below. These rules
# are very specific to running WordPress so if you also serve some other
# static or PHP files under the directory where these rules will live
# you may find they won't work. TEST TEST TEST.

# disable directory browsing
Options All -Indexes

# prevent direct access to wp-config.php
<files wp-config.php>
order allow,deny
deny from all
</files>

# block access to all php files under /wp-content and further
RedirectMatch 403 ^.*/wp-content/.*\.php$

# Block the include-only files.
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]

# prevent comment posting if referrer is blank
# replace yoursite.com with your actual domain name
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*yoursite.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]

# deny access to all dot (hidden) files (eg .htaccess)
<Files ~ "^\..*">
order allow,deny
deny from all
satisfy all
</Files>

以上是关于apache_conf .htaccess为WordPress考虑安全性的主要内容,如果未能解决你的问题,请参考以下文章

apache_conf 一套方便的.htaccess声明,我可以为各种项目挑选

apache_conf .htaccess将站点限制为某些IP地址重定向其他地址

apache_conf .htaccess将站点限制为某些IP地址重定向其他地址

apache_conf .htaccess将站点限制为某些IP地址重定向其他地址

apache_conf 在.htaccess文件中将时区设置为PHP的协调世界时(UTC)。

apache_conf 为.htaccess文件创建可靠的基础。目前包括RewriteBase,Security(针对索引,文件等)和Expires Headers