## no access to cgi, perl, python
<FilesMatch "\.(cgi|pl|py)">
Order allow,deny
Deny from all
</FilesMatch>

## enable rewrite
RewriteEngine On
RewriteBase /

## no visitor access to WP includes
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]

## extra security
# IF the query string contains http: or https:
RewriteCond %{QUERY_STRING} http\: [OR]
RewriteCond %{QUERY_STRING} https\: [OR]
# OR IF the query string contains [ or ]
RewriteCond %{QUERY_STRING} \[ [OR]
RewriteCond %{QUERY_STRING} \] [OR]
# OR IF the query string contains <script>
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# OR IF a script is trying to set a PHP GLOBALS variable via the URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# OR IF a script is trying to modify a _REQUEST variable via the URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
# OR IF the query string contains UNION
RewriteCond %{QUERY_STRING} UNION [OR]
# OR IF the query string contains a double slash
RewriteCond %{QUERY_STRING} // [OR]
# OR IF the query string contains /proc/self/environ (LFI hack)
RewriteCond %{QUERY_STRING} proc\/self\/environ [OR]
# OR IF the query string contains an asterisk
RewriteCond %{QUERY_STRING} \*
# THEN deny the request with 403
RewriteRule ^.*$ - [F,L]

## the rest of your htaccess goes below
## ....
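
Added example (not part of the original snippet): a Python model of the query-string RewriteCond chain above, run over constructed sample query strings to show which condition would trigger the 403. It assumes Python's `re` behaves like Apache's PCRE for these patterns and that mod_rewrite matches the raw, undecoded query string; `CONDITIONS`, `first_match`, `status` and `SAMPLES` are names made up for this example.

```python
import re

# (pattern, case_insensitive) pairs copied from the RewriteCond chain above.
CONDITIONS = [
    (r"http\:", False),
    (r"https\:", False),
    (r"\[", False),
    (r"\]", False),
    (r"(\<|%3C).*script.*(\>|%3E)", True),  # the only condition with [NC]
    (r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})", False),
    (r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})", False),
    (r"UNION", False),
    (r"//", False),
    (r"proc\/self\/environ", False),
    (r"\*", False),
]

def first_match(query_string):
    """Return the first condition pattern that matches, or None.

    Assumption: %{QUERY_STRING} is tested as sent (not URL-decoded) with an
    unanchored regex, which re.search on the raw string models.
    """
    for pattern, nocase in CONDITIONS:
        if re.search(pattern, query_string, re.I if nocase else 0):
            return pattern
    return None

def status(query_string):
    """403 if any condition in the OR chain matches, else 200 (not blocked)."""
    return 403 if first_match(query_string) else 200

# Constructed sample query strings that a legitimate request could carry.
SAMPLES = [
    "p=123",
    "s=wordpress+security",
    "redirect_to=https%3A%2F%2Fexample.com%2Fwp-admin%2F",
    "redirect_to=https://example.com/wp-admin/",
    "post[]=12&post[]=15&action=trash",
    "s=5*3",
    "s=EUROPEAN+UNION",
]

if __name__ == "__main__":
    for qs in SAMPLES:
        print(status(qs), first_match(qs) or "-", qs, sep="\t")
```

The last four samples come back as 403 even though nothing in them is hostile, so replay real query strings from your own access log through `first_match` before deploying the block.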