How to secure a WordPress 3 site in .htaccess (security tips)

If you run WordPress on an Apache web server, you can add the rules below to the site's .htaccess file to block many common malicious requests before they reach WordPress.

.htaccess is a hidden file that sets directory-level Apache configuration. Apache reads it on every request, so a syntax error in it produces a 500 error for the whole directory.

First take a backup of your existing .htaccess file, then append the following rules (the 5G Blacklist from Perishable Press, linked in the first comment) to the end of it.

```apache
# 5G BLACKLIST/FIREWALL (2013)
# @ http://perishablepress.com/5g-blacklist-2013/

# 5G:[QUERY STRINGS]
# Each <IfModule> container skips its section when the module is not loaded,
# so a missing module degrades to "no filtering" instead of a 500 error.
<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteBase /
	RewriteCond %{QUERY_STRING} (javascript:).*(\;) [NC,OR]
	RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3) [NC,OR]
	RewriteCond %{QUERY_STRING} (\\|\.\./|`|=\'$|=%27$) [NC,OR]
	RewriteCond %{QUERY_STRING} (\;|\'|\"|%22).*(union|select|insert|drop|update|md5|benchmark|or|if) [NC,OR]
	RewriteCond %{QUERY_STRING} (base64_encode|localhost|mosconfig) [NC,OR]
	RewriteCond %{QUERY_STRING} (boot\.ini|echo.*kae|etc/passwd) [NC,OR]
	RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC]
	RewriteRule .* - [F]
</IfModule>

# 5G:[USER AGENTS]
<IfModule mod_setenvif.c>
	# SetEnvIfNoCase User-Agent ^$ keep_out
	SetEnvIfNoCase User-Agent (binlar|casper|cmsworldmap|comodo|diavol|dotbot|feedfinder|flicky|ia_archiver|jakarta|kmccrew|nutch|planetwork|purebot|pycurl|skygrid|sucker|turnit|vikspider|zmeu) keep_out
	<Limit GET POST PUT>
		Order Allow,Deny
		Allow from all
		Deny from env=keep_out
	</Limit>
</IfModule>

# 5G:[REQUEST STRINGS]
# RedirectMatch is applied to the URL path (not the query string) and is case-sensitive.
<IfModule mod_alias.c>
	RedirectMatch 403 (https?|ftp|php)\://
	RedirectMatch 403 /(https?|ima|ucp)/
	RedirectMatch 403 /(Permanent|Better)$
	RedirectMatch 403 (\=\\\'|\=\\%27|/\\\'/?|\)\.css\()$
	RedirectMatch 403 (\,|\)\+|/\,/|\{0\}|\(/\(|\.\.\.|\+\+\+|\||\\\"\\\")
	RedirectMatch 403 \.(cgi|asp|aspx|cfg|dll|exe|jsp|mdb|sql|ini|rar)$
	RedirectMatch 403 /(contac|fpw|install|pingserver|register)\.php$
	RedirectMatch 403 (base64|crossdomain|localhost|wwwroot|e107\_)
	RedirectMatch 403 (eval\(|\_vti\_|\(null\)|echo.*kae|config\.xml)
	RedirectMatch 403 \.well\-known/host\-meta
	RedirectMatch 403 /function\.array\-rand
	RedirectMatch 403 \)\;\$\(this\)\.html\(
	RedirectMatch 403 proc/self/environ
	RedirectMatch 403 msnbot\.htm\)\.\_
	RedirectMatch 403 /ref\.outcontrol
	RedirectMatch 403 com\_cropimage
	RedirectMatch 403 indonesia\.htm
	RedirectMatch 403 \{\$itemURL\}
	RedirectMatch 403 function\(\)
	RedirectMatch 403 labels\.rdf
	RedirectMatch 403 /playing.php
	RedirectMatch 403 muieblackcat
</IfModule>

# 5G:[REQUEST METHOD]
<IfModule mod_rewrite.c>
	RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
	RewriteRule .* - [F]
</IfModule>

# 5G:[BAD IPS]
# Order/Allow/Deny are Apache 2.2 directives; Apache 2.4 needs mod_access_compat for them.
<Limit GET POST PUT>
	Order Allow,Deny
	Allow from all
	# uncomment/edit/repeat next line to block IPs
	# Deny from 123.456.789
</Limit>
```
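To preview what these rules will do before you deploy them, here is a small Python emulator (an added example, not code from this article or from Perishable Press) that re-applies the 5G query-string, user-agent, request-string and request-method patterns to constructed sample requests. The rule lists are copied from the .htaccess above; the sample requests, the `evaluate` and `preview` function names and the section order are this example's own assumptions, and Python's `re` only approximates Apache's PCRE matching. Its main use is spotting false positives: one sample is a harmless search query that the fourth query-string rule blocks because an apostrophe is followed later by the word "or".

```python
import re
from urllib.parse import urlsplit

# The 5G (2013) conditions from the article, as Python regexes. Apache applies
# the QUERY_STRING rules with [NC] (case-insensitive) to the raw, still
# percent-encoded query string; a match on any one of them returns 403.
QUERY_STRING_RULES = [
    r"(javascript:).*(\;)",
    r"(<|%3C).*script.*(>|%3)",
    r"(\\|\.\./|`|=\'$|=%27$)",
    r"(\;|\'|\"|%22).*(union|select|insert|drop|update|md5|benchmark|or|if)",
    r"(base64_encode|localhost|mosconfig)",
    r"(boot\.ini|echo.*kae|etc/passwd)",
    r"(GLOBALS|REQUEST)(=|\[|%)",
]

# SetEnvIfNoCase User-Agent ... keep_out (case-insensitive substring match).
USER_AGENT_RULE = (r"(binlar|casper|cmsworldmap|comodo|diavol|dotbot|feedfinder|flicky"
                   r"|ia_archiver|jakarta|kmccrew|nutch|planetwork|purebot|pycurl|skygrid"
                   r"|sucker|turnit|vikspider|zmeu)")

# RedirectMatch rules are matched case-sensitively against the decoded URL path;
# the query string is not part of what RedirectMatch sees.
REQUEST_STRING_RULES = [
    r"(https?|ftp|php)\://",
    r"/(https?|ima|ucp)/",
    r"/(Permanent|Better)$",
    r"(\=\\\'|\=\\%27|/\\\'/?|\)\.css\()$",
    r"(\,|\)\+|/\,/|\{0\}|\(/\(|\.\.\.|\+\+\+|\||\\\"\\\")",
    r"\.(cgi|asp|aspx|cfg|dll|exe|jsp|mdb|sql|ini|rar)$",
    r"/(contac|fpw|install|pingserver|register)\.php$",
    r"(base64|crossdomain|localhost|wwwroot|e107\_)",
    r"(eval\(|\_vti\_|\(null\)|echo.*kae|config\.xml)",
    r"\.well\-known/host\-meta",
    r"/function\.array\-rand",
    r"\)\;\$\(this\)\.html\(",
    r"proc/self/environ",
    r"msnbot\.htm\)\.\_",
    r"/ref\.outcontrol",
    r"com\_cropimage",
    r"indonesia\.htm",
    r"\{\$itemURL\}",
    r"function\(\)",
    r"labels\.rdf",
    r"/playing.php",
    r"muieblackcat",
]

# RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
METHOD_RULE = r"^(TRACE|TRACK)"


def evaluate(method, target, user_agent="Mozilla/5.0"):
    """Emulate the 5G sections for one request. Returns ("blocked", (section,
    rule_index)) for the first rule that fires, or ("allowed", None).

    Approximation (assumption of this example): the sections are checked in the
    order the .htaccess lists them, not in Apache's real per-module phases.
    """
    parts = urlsplit(target)
    for i, pat in enumerate(QUERY_STRING_RULES):
        if re.search(pat, parts.query, re.IGNORECASE):
            return "blocked", ("query-string", i)
    if re.search(USER_AGENT_RULE, user_agent, re.IGNORECASE):
        return "blocked", ("user-agent", 0)
    for i, pat in enumerate(REQUEST_STRING_RULES):
        if re.search(pat, parts.path):
            return "blocked", ("request-string", i)
    if re.match(METHOD_RULE, method):
        return "blocked", ("request-method", 0)
    return "allowed", None


# Constructed sample requests: ones a site owner wants blocked, plus a harmless
# search query that the rules block anyway (a false positive to know about).
SAMPLE_REQUESTS = [
    ("GET", "/?s=wordpress+security", "Mozilla/5.0"),
    ("GET", "/index.php?page=../../etc/passwd", "Mozilla/5.0"),
    ("GET", "/?s=don't+stop+or+go", "Mozilla/5.0"),
    ("GET", "/wp-admin/install.php", "Mozilla/5.0"),
    ("TRACE", "/", "Mozilla/5.0"),
    ("GET", "/", "python-pycurl/7.19"),
]


def preview(requests=SAMPLE_REQUESTS):
    """Return one (method, target, user_agent, decision, reason) row per request."""
    return [(m, t, ua, *evaluate(m, t, ua)) for m, t, ua in requests]


if __name__ == "__main__":
    for m, t, ua, decision, reason in preview():
        print(f"{decision:7} {m:5} {t:40} {ua:25} {reason or ''}")
```

Run it with the query strings your own site legitimately uses (search terms, plugin parameters) before enabling the rules; anything reported as blocked with a `query-string` reason is a request your visitors will receive a 403 for.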
