WordPress:Mengamankan dengan htaccess: Difference between revisions
No edit summary |
|||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
===Block Bad Bots=== | ===Block Bad Bots=== | ||
<syntaxhighlight lang="apacheconf"> | |||
# Block one or more IP address. | |||
# Replace IP_ADDRESS_* with the IP you want to block | |||
<Limit GET POST> | |||
order allow,deny | |||
deny from IP_ADDRESS_1 | |||
deny from IP_ADDRESS_2 | |||
allow from all | |||
</Limit> | |||
</syntaxhighlight> | |||
===Disable Directory Browsing=== | ===Disable Directory Browsing=== | ||
<syntaxhighlight lang="apacheconf"> | |||
# Disable directory browsing | |||
Options All -Indexes | |||
</syntaxhighlight> | |||
===Allow Only Selected Files from wp-content=== | ===Allow Only Selected Files from wp-content=== | ||
<syntaxhighlight lang="apache"> | |||
# Disable access to all file types except the following | |||
Order deny,allow | |||
Deny from all | |||
<Files ~ ".(xml|css|js|jpe?g|png|gif|pdf|docx|rtf|odf|zip|rar)$"> | |||
Allow from all | |||
</Files> | |||
</syntaxhighlight> | |||
===Restrict All Access to wp-includes=== | ===Restrict All Access to wp-includes=== | ||
<syntaxhighlight lang="apache"> | |||
# Block wp-includes folder and files | |||
<IfModule mod_rewrite.c> | |||
RewriteEngine On | |||
RewriteBase / | |||
RewriteRule ^wp-admin/includes/ - [F,L] | |||
RewriteRule !^wp-includes/ - [S=3] | |||
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] | |||
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] | |||
RewriteRule ^wp-includes/theme-compat/ - [F,L] | |||
</IfModule> | |||
</syntaxhighlight> | |||
===Allow only Selected IP Addresses to Access wp-admin=== | ===Allow only Selected IP Addresses to Access wp-admin=== | ||
<syntaxhighlight lang="apacheconf"> | |||
# Limit logins and admin by IP | |||
<Limit GET POST PUT> | |||
order deny,allow | |||
deny from all | |||
allow from 302.143.54.102 | |||
allow from IP_ADDRESS_2 | |||
</Limit> | |||
</syntaxhighlight> | |||
===Protect wp-config.php and .htaccess from everyone=== | ===Protect wp-config.php and .htaccess from everyone=== | ||
<syntaxhighlight lang="apacheconf"> | |||
# Deny access to wp-config.php file | |||
<files wp-config.php> | |||
order allow,deny | |||
deny from all | |||
</files> | |||
</syntaxhighlight> | |||
===Deny Image Hotlinking=== | ===Deny Image Hotlinking=== | ||
<syntaxhighlight lang="apache"> | |||
# Prevent image hotlinking script. Replace last URL with any image link you want. | |||
RewriteEngine on | |||
RewriteCond %{HTTP_REFERER} !^$ | |||
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourwebsite.com [NC] | |||
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourotherwebsite.com [NC] | |||
RewriteRule \.(jpg|jpeg|png|gif)$ http://i.imgur.com/MlQAH71.jpg [NC,R,L] | |||
</syntaxhighlight> | |||
===Enable Browser Caching=== | ===Enable Browser Caching=== | ||
<syntaxhighlight lang="apacheconf"> | |||
# Setup browser caching | |||
<IfModule mod_expires.c> | |||
ExpiresActive On | |||
ExpiresByType image/jpg "access 1 year" | |||
ExpiresByType image/jpeg "access 1 year" | |||
ExpiresByType image/gif "access 1 year" | |||
ExpiresByType image/png "access 1 year" | |||
ExpiresByType text/css "access 1 month" | |||
ExpiresByType application/pdf "access 1 month" | |||
ExpiresByType text/x-javascript "access 1 month" | |||
ExpiresByType application/x-shockwave-flash "access 1 month" | |||
ExpiresByType image/x-icon "access 1 year" | |||
ExpiresDefault "access 2 days" | |||
</IfModule> | |||
</syntaxhighlight> | |||
==Source== | == Source == | ||
*[https://www.wpexplorer.com/htaccess-wordpress-security/ wpexplorer.com] | *[https://www.wpexplorer.com/htaccess-wordpress-security/ wpexplorer.com] | ||
[[Category:Security]] | [[Category:Security]] | ||
[[Category:CMS]] | [[Category:CMS]] | ||
[[Category:WordPress]] | |||