子目录

时间:2019-03-06 16:27:17

标签: php wordpress .htaccess hardening

我使用此类.htaccess规则强化wordpress并重定向到https:

# Block IPS for login
<Files "wp-login.php">
Require all denied
Require ip xxx.xx.xx.xx
Require ip xxx.xx.xx.xx
</Files>
#Protect wp-config
<Files "wp-config.php">
Require all denied
</Files>
# Prevent directory browsing
Options All -Indexes
# Protect htaccess
<FilesMatch "^.*\.([Hh][Tt][Aa])">
Require all denied
</FilesMatch>
# Block Includes
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php \ - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
# Block xmlrpc.php
<Files "xmlrpc.php">
Require all denied
</Files>
# Security related. Block browser access to log files
<Files  ~ "\.log$">
Require all denied
</Files>
# Extra Security Headers
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
Header set X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options nosniff
</IfModule>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^domainname\.lt$ [NC]
RewriteRule ^(.*)$ https://www.domainname.com/$1 [R=301,L]
RewriteCond %{HTTPS} !^on$
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

WordPress安装在主目录中。现在,我们计划在子文件夹(public_html / de)中安装第二个wordpres博客。新安装将具有其自己的.htaccess文件。对于此新的wordpress安装,我们是否需要相同的强化规则,或者足以在主文件夹中包含强化规则?

1 个答案:

答案 0 :(得分:0)

我认为您需要使用 RewriteOptions继承以使用父级的继承

还有其他事情: 您不使用注释#BEGIN WordPress和#END wordpress,以便在生成htacces时wordpress不会覆盖您的超载吗?