htaccess
Protect wp-admin by Basic Auth
Protect wp-admin by Basic Auth
You have to protect the wp-admin / wp-login.php at least by the baisc-auth if you do not want to do it using Cloduflare
Here is the steps to Protect it
Tips to Install a Secure WordPress
All of us know that WordPress is the most common CMS and it is the easiest one ever, Now I will put here some tips to install a secure WordPress
- Install WordPress CMS platform Here is the link
- https://wordpress.org/plugins/advanced-nocaptcha-recaptcha
Important tips:
Block wp-includes folder and files Wordpress
To hide sensitive files in the wp-includes
folder, add the following code to the .htaccess file in the root of your site:
# Block wp-includes folder and files
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
Prevent execute PHP file in wp-content/uploads directory
wp-content/uploads directory
your wp–content/uploads directory should be considered a potential entry point and can be exploited for number of wordpress hacks . The biggest potential threat is the uploading of PHP files.
If you can browse /wp–content/plugins/ – the enumeration of plugins and versions becomes much easier! Exploiting this can allow an attacker to obtain sensitive information that could aid in further attacks.
Block Some Bots using htaccess
A lot of time we get many requests from some bots we do not need here you can block them from htaccess file
<IfModule mod_setenvif.c> SetEnvIfNoCase User-Agent (SemrushBot|Semrush|python-requests|sqlmap|wordpress|apachebench) bad_user_agents Order Allow,Deny Allow from all Deny from env=bad_user_agents </IfModule>
Wordpress htaccess configuration
as you know that WordPress is one of the most famous CMS in the world but unforunatily it is not secure enough and we have to protect it somehow abd also we need to setup some cache configuration in the htaccess
First thing you need to do is to disable directory listing by adding this line to .htaccess
Options All -Indexes
the other thing you need to do is to setup the objects cache (image/css files/ js files)
this is one of the best code we can use
Magento 2 static files are not working
How many times you tried to install Magento 2 and later you could not see the website working !!, How many times you tried to search for these sentences
"Magento 2 css not working"
"Magento 2 js not working"
"Magento 2 404 page not found" because of the static files?
Now here is the solution, and easily it is the missed .htaccess (for apache)
by quick look at this path "{magento root}/pub/static", you will see that you missed the .htaccess file
How to remove index.php from url if we enter manually
RewriteCond %{THE_REQUEST} ^GET.*index\.php [NC]
RewriteRule (.*?)index\.php/*(.*) /$1$2 [R=301,NE,L]
Enable gzip compression for PageSpeed
Find your .htaccess file in the root of your domain. This file is a hidden file but should show up in FTP clients like FileZilla or CORE. You can edit the .htaccess file with notepad or any form of basic text editor.
In this file we will set our caching parameters to tell the browser what types of files to cache
Configuring Apache to serve the appropriate headers - leverage browser caching
Find your .htaccess file in the root of your domain. This file is a hidden file but should show up in FTP clients like FileZilla or CORE. You can edit the .htaccess file with notepad or any form of basic text editor.
In this file we will set our caching parameters to tell the browser what types of files to cache