A few WordPress .htaccess tricks for better security and SEO
Canonical robots.txt
Help crawlers (Googlebot, Yahoo's bot and so on) find robots.txt. Since robots.txt lives in the site's root directory you would think this is not a problem; unfortunately bad bots and malicious scripts request robots.txt under every path. Fortunately .htaccess can take care of that: the rules below catch any request whose path contains robots.txt and redirect it to the real file in the root directory.
# ROBOTS.TXT
RewriteEngine On
RewriteBase /
# Any request for a robots.txt that is not the one in the root gets a 301 to the real file
RewriteCond %{REQUEST_URI} !^/robots.txt$ [NC]
RewriteCond %{REQUEST_URI} robots\.txt [NC]
RewriteRule .* http://moj-domen.com/robots.txt [R=301,L]
Canonical Favicons
# FAVICONS
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^/favicon.ico$ [NC]
RewriteCond %{REQUEST_URI} /favicon(s)?\.?(gif|ico|jpe?g?|png)?$ [NC]
RewriteRule (.*) http://moj-domen.com/favicon.ico [R=301,L]
</IfModule>
Canonical Sitemaps
# SITEMAPS
<IfModule mod_alias.c>
RedirectMatch 301 /sitemap\.xml$ http://moj-domen.com/sitemap.xml
RedirectMatch 301 /sitemap\.xml\.gz$ http://moj-domen.com/sitemap.xml.gz
</IfModule>
Canonical Feeds
# FEEDS
<IfModule mod_alias.c>
RedirectMatch 301 /feed/(atom|rdf|rss|rss2)/?$ http://moj-domen.com/feed/
RedirectMatch 301 /comments/feed/(atom|rdf|rss|rss2)/?$ http://moj-domen.com/comments/feed/
</IfModule>
Redirecting the RSS feed to FeedBurner
# Redirect to FeedBurner
<IfModule mod_rewrite.c>
RewriteEngine On
# FeedBurner itself and FeedValidator must still reach the original feed, so they are excluded
RewriteCond %{REQUEST_URI} ^/feed/ [NC]
RewriteCond %{HTTP_USER_AGENT} !(FeedBurner|FeedValidator) [NC]
RewriteRule .* http://feeds.feedburner.com/mainContentFeed [L,R=302]
RewriteCond %{REQUEST_URI} ^/comments/feed/ [NC]
RewriteCond %{HTTP_USER_AGENT} !(FeedBurner|FeedValidator) [NC]
RewriteRule .* http://feeds.feedburner.com/allCommentsFeed [L,R=302]
</IfModule>
A simpler login URL
# /pristup sends the visitor to the login page (an absolute URL as the target makes mod_rewrite issue an external redirect).
# This is a convenience only: wp-login.php itself stays reachable at its normal path.
RewriteRule ^pristup$ http://moj-domen.com/wp-login.php [NC,L]
Remove /category/ from links
# Permanently redirect /category/name to /name
RewriteRule ^category/(.+)$ http://www.moj-domen.com/$1 [R=301,L]
Automatically setting CHMOD permissions for various files
These are target file permissions, applied with chmod from a shell or through the FTP client's permissions dialog; Apache has no chmod directive, so they do not go into .htaccess itself:
.htpasswd files: 640
.htaccess files: 644
PHP files: 600
Note that 600 on PHP files only works when PHP runs as the file owner (suPHP, or a PHP-FPM pool running as the site user); under mod_php running as the web server user the files become unreadable to the server.
Security
# Adding custom headers: useful on shared hosting (requires mod_headers)
# "set" rather than "add" replaces a header another layer already sends instead of duplicating it
Header set X-Frame-Options "DENY"
# X-XSS-Protection is ignored by current browsers; kept only for older ones
Header set X-XSS-Protection "1; mode=block"
# USE ONLY IF ALL SCRIPTS ARE ON THE SAME DOMAIN.
# (X-Content-Security-Policy is the old prefixed name; current browsers read Content-Security-Policy)
#Header set X-Content-Security-Policy "default-src 'self'"
Header set X-Content-Type-Options "nosniff"
# WordPress advertises its REST API and shortlink through the Link header
Header unset Link
# Apache adds its own Server header after mod_headers runs, so this line has no effect in .htaccess;
# use ServerTokens Prod in the main server configuration instead
Header unset Server
Header unset X-Pingback
ServerSignature Off
Options -Indexes
RewriteEngine on
RewriteBase /
ServerSignature Off
Options +FollowSymLinks
Options -MultiViews
# Serve index.php first, then index.html, then fall back to the root index.php
DirectoryIndex index.php index.html /index.php
# Protect wp-config.php
<files wp-config.php>
# Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use: Require all denied
order allow,deny
deny from all
</files>
# Protection against bots
# Site rippers and harvesters identified by User-Agent; the conditions are chained with [OR] and end in a 403
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWW-Mechanize [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Toata\ dragostea\ mea\ pentru\ diavola [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla/5.0\ SF [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.* - [F,L]
# scanner bots
# Broad words such as python, curl, java and scan also match legitimate clients; check your access log before enabling
RewriteCond %{HTTP_USER_AGENT} ^w3af.sourceforge.net [NC,OR]
RewriteCond %{HTTP_USER_AGENT} dirbuster [NC,OR]
RewriteCond %{HTTP_USER_AGENT} nikto [NC,OR]
RewriteCond %{HTTP_USER_AGENT} sqlmap [NC,OR]
RewriteCond %{HTTP_USER_AGENT} fimap [NC,OR]
RewriteCond %{HTTP_USER_AGENT} nessus [NC,OR]
RewriteCond %{HTTP_USER_AGENT} whatweb [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Openvas [NC,OR]
RewriteCond %{HTTP_USER_AGENT} jbrofuzz [NC,OR]
RewriteCond %{HTTP_USER_AGENT} libwhisker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} webshag [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (havij|Netsparker|libwww-perl|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
# No trailing "|" inside the groups: an empty alternative would match every User-Agent
RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E).*(libwww-perl|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
RewriteCond %{HTTP:Acunetix-Product} ^WVS
# The User-Agent chain needs its own rule here; without one mod_rewrite ANDs it with the path chain below
RewriteRule ^.* - [F,L]
# %{REQUEST_URI} is the request path without the query string, so these only inspect the path;
# the query-string block further down covers parameters
RewriteCond %{REQUEST_URI} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{REQUEST_URI} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR]
RewriteCond %{REQUEST_URI} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]
RewriteCond %{REQUEST_URI} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{REQUEST_URI} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
RewriteCond %{REQUEST_URI} (%0A|%0D|\\r|\\n) [NC,OR]
RewriteCond %{REQUEST_URI} union([^a]*a)+ll([^s]*s)+elect [NC]
RewriteRule ^(.*)$ http://127.0.0.1 [R=301,L]
Denying access to readme.txt and readme.html
# WordPress's readme.html reveals the installed version
<files readme.txt>
order allow,deny
deny from all
</files>
<files readme.html>
order allow,deny
deny from all
</files>
# Keep robots.txt, scripts and XML files out of search engine indexes
<FilesMatch "robots\.txt">
Header set X-Robots-Tag "noindex"
</FilesMatch>
<FilesMatch "\.(js|xml)$">
Header set X-Robots-Tag "noindex,follow,noarchive,nosnippet"
</FilesMatch>
# Disable the old Internet Explorer image toolbar on pages
<FilesMatch "\.(html|htm|php)$">
Header set Imagetoolbar "no"
</FilesMatch>
Denying access to .htaccess, .htpasswd and other files
# The extension must sit at the very end of the name (no space before the $)
<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
Order Allow,Deny
Deny from all
</FilesMatch>
Protection against query string exploits
# Any one of these conditions on the raw query string returns a 403.
# Beware of false positives: tag= is WordPress's own tag archive without pretty permalinks,
# http: appears in wp-login.php's redirect_to parameter, and words such as select or drop
# match ordinary search terms. Test against your real traffic before enabling.
<IfModule mod_rewrite.c>
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|'|"|;|\?|\*).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%22|%27|%3C|%3E|%5C|%7B|%7C).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|config|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare|drop).* [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>
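An added offline check, written for this page and not taken from the original post or its sources: it re-implements the query-string conditions above with Python's re module and runs them against constructed query strings, so the ordinary WordPress requests the blacklist would also reject show up before the rules go live. It assumes each condition is tested case-insensitively against the raw, still percent-encoded query string, which is how mod_rewrite evaluates %{QUERY_STRING} with [NC].

```python
import re

# RewriteCond patterns from the query-string block above, in order; all carry [NC].
QUERY_STRING_CONDS = [
    r"\.\.\/",
    r"boot\.ini",
    r"tag\=",
    r"ftp\:",
    r"http\:",
    r"https\:",
    r"mosConfig",
    r"^.*(\[|\]|\(|\)|<|>|'|\"|;|\?|\*).*",
    r"^.*(%22|%27|%3C|%3E|%5C|%7B|%7C).*",
    r"^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).*",
    r"^.*(globals|encode|config|localhost|loopback).*",
    r"^.*(request|select|insert|union|declare|drop).*",
]
COMPILED = [re.compile(p, re.IGNORECASE) for p in QUERY_STRING_CONDS]


def first_match(query_string):
    """Return the pattern that would fire the [F] rule, or None if allowed.

    The conditions are chained with [OR], so the first match against the raw
    (still percent-encoded) query string is enough to reject the request.
    """
    for pattern, rx in zip(QUERY_STRING_CONDS, COMPILED):
        if rx.search(query_string):
            return pattern
    return None


def false_positives(samples):
    """Return those samples that the blacklist rejects."""
    return [q for q in samples if first_match(q) is not None]


# Constructed samples: ordinary WordPress requests a visitor can produce.
LEGITIMATE = [
    "p=123",
    "s=dropbox",                                   # "drop" substring
    "tag=security",                                # tag archive without pretty permalinks
    "redirect_to=http://moj-domen.com/wp-admin/",  # login redirect carries "http:"
]
# Constructed samples that look like probes and should be rejected.
PROBES = ["file=../../etc/passwd", "id=1 union select 1,2,3", "q=%3Cscript%3E"]

if __name__ == "__main__":
    for q in LEGITIMATE + PROBES:
        hit = first_match(q)
        print(f"{'BLOCKED' if hit else 'allowed':8} {q:48} {hit or ''}")
```

The same harness can be pointed at the User-Agent chains in the Security section: swap in those patterns and feed it User-Agent strings sampled from your own access log.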
# RedirectMatch tests the request path only (not the query string): 404 for stray characters,
# 403 for known probe strings. Characters such as , = : and ~ also occur in legitimate paths
# (for example ~user URLs), so review the list against your own URLs.
<IfModule mod_alias.c>
RedirectMatch 404 \,
RedirectMatch 404 \:
RedirectMatch 404 \;
RedirectMatch 404 \=
RedirectMatch 404 \@
RedirectMatch 404 \[
RedirectMatch 404 \]
RedirectMatch 404 \^
RedirectMatch 404 `
RedirectMatch 404 \{
RedirectMatch 404 \}
RedirectMatch 404 \~
RedirectMatch 404 \"
RedirectMatch 404 \$
RedirectMatch 404 \<
RedirectMatch 404 \>
RedirectMatch 404 \|
RedirectMatch 404 \.\.
RedirectMatch 404 \/\/
RedirectMatch 404 \%0
RedirectMatch 404 \%A
RedirectMatch 404 \%B
RedirectMatch 404 \%C
RedirectMatch 404 \%D
RedirectMatch 404 \%E
RedirectMatch 404 \%F
RedirectMatch 404 \%22
RedirectMatch 404 \%27
RedirectMatch 404 \%28
RedirectMatch 404 \%29
RedirectMatch 404 \%3C
RedirectMatch 404 \%3E
RedirectMatch 404 \%3F
RedirectMatch 404 \%5B
RedirectMatch 404 \%5C
RedirectMatch 404 \%5D
RedirectMatch 404 \%7B
RedirectMatch 404 \%7C
RedirectMatch 404 \%7D
RedirectMatch 403 \_vpi
RedirectMatch 403 \.inc
RedirectMatch 403 xAou6
RedirectMatch 403 db\_name
RedirectMatch 403 select\(
RedirectMatch 403 convert\(
RedirectMatch 403 \/query\/
RedirectMatch 403 ImpEvData
RedirectMatch 403 \.XMLHTTP
RedirectMatch 403 proxydeny
RedirectMatch 403 function\.
RedirectMatch 403 remoteFile
RedirectMatch 403 servername
RedirectMatch 403 \&rptmode\=
RedirectMatch 403 sys\_cpanel
RedirectMatch 403 db\_connect
RedirectMatch 403 doeditconfig
RedirectMatch 403 check\_proxy
RedirectMatch 403 system\_user
RedirectMatch 403 \/\(null\)\/
RedirectMatch 403 clientrequest
RedirectMatch 403 option\_value
RedirectMatch 403 ref\.outcontrol
# SPECIFIC EXPLOITS
RedirectMatch 403 errors\.
RedirectMatch 403 config\.
RedirectMatch 403 include\.
RedirectMatch 403 display\.
RedirectMatch 403 register\.
RedirectMatch 403 password\.
RedirectMatch 403 maincore\.
RedirectMatch 403 authorize\.
RedirectMatch 403 macromates\.
RedirectMatch 403 head\_auth\.
RedirectMatch 403 submit\_links\.
RedirectMatch 403 change\_action\.
RedirectMatch 403 com\_facileforms\/
RedirectMatch 403 admin\_db\_utilities\.
RedirectMatch 403 admin\.webring\.docs\.
RedirectMatch 403 Table\/Latest\/index\.
</IfModule>
Sources:
journalxtra.com
perishablepress.com
wpexplorer.com
codex.wordpress.org