.htaccess Part Two Security

Yesterday we started a series of guides on the amazing tool .htaccess. For those who did not read the first part, .htaccess is a small configuration file of the Apache web server. Today we will see how we can edit it to improve the security of a WordPress installation.

We will once again stress the importance of editing all files (.php, .sql, .htaccess) that are stored in a Linux environment with the Notepad++ editor and not with the classic Windows Notepad.

To start working on the file you need to download it to your computer. Once Notepad++ is installed, a right click on the file will give you the option: Edit with Notepad++.

Before proceeding, you need to keep a backup of the file you downloaded.

After editing the file there are different ways to save it.

The easiest way is to use the floppy disk icon located in the upper left corner of the Notepad++ application.

The second way is needed if you want to save .htaccess in a Windows environment with Save As.

Because Windows considers .htaccess to be the file extension and the name to be missing, it will prompt you to give your file a name, e.g. name.htaccess. You can avoid this by using quotes.

So try saving your file as ".htaccess"

After the basics let's see how we can secure our WordPress site.

Let's start by protecting the .htaccess file itself. You can use the same block to deny access to any file you want, simply by changing the file name. (On Apache 2.4 the equivalent of the two inner lines is a single Require all denied.)

<Files .htaccess>
Order Allow,Deny
Deny from all
</Files>

Block access to multiple files together (you can add more if you need; replace the example names with the files you want to protect):

<FilesMatch "^(\.htaccess|your-file-1\.php|your-file-2\.php)$">
Order Allow,Deny
Deny from all
</FilesMatch>

Let's prevent the browser from listing the contents of the site's folders (directory indexes):

Options All -Indexes
  • To enable listing instead, replace - with +

That is:

Options All +Indexes

Of course, since we are talking about security, forget the above command.

Block an IP address:

Order Allow,Deny
Deny from xxx.xxx.xxx.xxx
Allow from all

 

Let's close some gaps now

Block any script with base64_encode'd commands in the query string. The rules that follow use Apache's mod_rewrite, so the block needs a RewriteEngine On line before the first RewriteCond; the [OR] flag chains the conditions so that any one of them matching is enough.

RewriteEngine On
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]

Block requests that reference proc/self/environ

RewriteCond %{QUERY_STRING} proc/self/environ [OR]

Protect yourself from any script trying to change PHP GLOBALS values

RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]

Protection from any script trying to change a value in mosConfig

RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]

Block any URL that contains the tag
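To check what the query-string conditions above actually catch before they go live, here is an added example (not the article's own code) that mirrors the four RewriteCond patterns in Python and runs them over constructed sample requests; it also shows the raw, percent-encoded matching that Apache does and the case-sensitivity of the rules as written. The rule names and the helper functions are my own.

```python
import re
from urllib.parse import urlsplit

# Added example, not from the original article: the four query-string
# conditions above, expressed as Python regexes so they can be tried offline
# before going into .htaccess. Apache evaluates RewriteCond %{QUERY_STRING}
# against the raw, still percent-encoded query string, which is why the
# patterns carry alternatives such as %3D (for "=") and %5B-style encodings.
QUERY_STRING_RULES = {
    "base64_encode": re.compile(r"base64_encode.*(.*)"),
    "proc_self_environ": re.compile(r"proc/self/environ"),
    "globals_override": re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})"),
    "mosconfig_override": re.compile(r"mosConfig_[a-zA-Z_]{1,21}(=|\%3D)"),
}


def matching_rules(url):
    """Return the names of the rules whose pattern matches the URL's raw query string."""
    query = urlsplit(url).query  # urlsplit does not percent-decode, just like Apache
    return [name for name, rx in QUERY_STRING_RULES.items() if rx.search(query)]


def is_blocked(url):
    """True if any condition matches (the [OR] chain fires on the first hit)."""
    return bool(matching_rules(url))


if __name__ == "__main__":
    # Constructed sample requests: hostile-looking ones and benign ones.
    samples = [
        "/index.php?GLOBALS%5Bx%5D=1",
        "/index.php?option=com_x&mosConfig_absolute_path=http://example.invalid/",
        "/?file=../../proc/self/environ",
        "/?p=base64_encode(x)",
        "/?s=wordpress+security&paged=2",
        "/?globals=1",  # lowercase: the rules have no [NC] flag, so this slips through
    ]
    for url in samples:
        verdict = "BLOCK" if is_blocked(url) else "allow"
        print(f"{verdict:5}  {url}  {matching_rules(url)}")
```

In the .htaccess itself these conditions are chained with [OR] and must be followed by a RewriteRule that returns 403 (for example RewriteRule ^(.*)$ - [F,L]); the last RewriteCond before it must not carry [OR].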


Written by giorgos

George still wonders what he's doing here ...
