Notice: These forums are now retired and closed. For active support, please Submit a Ticket or visit our official WordPress.org community pages.
Kadence Theme | Kadence Blocks | Starter Templates | WooCommerce Email Designer | Ascend | Virtue | Pinnacle
Security Ascend theme
- This topic has 2 replies, 2 voices, and was last updated 8 years, 8 months ago by
.
Hello,
I’d like to know if it’s interesting add code in htaccess to block access to files as :
# Désactiver l’affichage du contenu des répertoires
Options All -Indexes
# Alternative pour empêcher le listage des répertoires
IndexIgnore *
# Masquer les informations du serveur
ServerSignature Off
# Activation du suivi des liens symboliques
Options +FollowSymLinks
# Choix du fuseau horaire
SetEnv TZ Europe/Paris
# Encodage par défaut des fichiers textes et HTML
AddDefaultCharset UTF-8
# Éviter le spam de commentaires
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post.php*
RewriteCond %{HTTP_REFERER} !.monsite.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]
</IfModule>
# Éviter que l’on découvre l’identifiant d’un auteur
# Merci à Jean-Michel Silone du groupe Facebook WP-Secure *Login to see link
<IfModule mod_rewrite.c>
RewriteCond %{QUERY_STRING} ^author=([0-9]*)
RewriteRule .* – [F]
</IfModule>
# Bloquer l’utilisation de certains scripts
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ – [F,L]
RewriteRule !^wp-includes/ – [S=3]
RewriteRule ^wp-includes/[^/]+.php$ – [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+.php – [F,L]
RewriteRule ^wp-includes/theme-compat/ – [F,L]
# Protection contre les injections de fichiers
RewriteCond %{REQUEST_METHOD} GET
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(..//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC]
RewriteRule .* – [F]
# Protections diverses (XSS, clickjacking et MIME-Type sniffing)
<ifModule mod_headers.c>
Header set X-XSS-Protection “1; mode=block”
Header always append X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options: “nosniff”
</ifModule>
# .htaccess in wp-includes : Bloque les accès directs aux fichiers PHP (Merci à Sucuri)
<Files wp-tinymce.php>
allow from all
</Files>
<FilesMatch “.(?i:php)$”>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
</FilesMatch>
<Files wp-tinymce.php>
Allow from all
</Files>
<Files ms-files.php>
Allow from all
</Files>
# htaccess in wp-content : Bloque les accès directs aux fichiers PHP (Merci à Sucuri)
<FilesMatch “.(?i:php)$”>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
</FilesMatch>
# htaccess in wp-content/uploads Bloque les accès directs aux fichiers PHP (Merci à Sucuri)
<FilesMatch “.(?i:php)$”>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
</FilesMatch>
Thank you by advance
- The forum ‘Ascend Theme’ is closed to new topics and replies.
