You can do a great deal with .htaccess, but the risky part is that you almost always have to edit the file by hand. There is now an .htaccess plugin for WordPress blogs that covers many of these tasks (the full feature list is below). All you need to do is enable a particular feature, and the plugin rewrites your .htaccess file automatically.
Full Features
- Directory Protection
Enable the DirectoryIndex Protection, preventing directory index listings and defaulting.
- Password Protect wp-login.php
Requires a valid user/pass to access the login page.
- Password Protect wp-admin
Requires a valid user/pass to access any non-static (css, js, images) file in this directory.
- Protect wp-content
Denies any direct request for files ending in .php with a 403 Forbidden.
- Protect wp-includes
Denies any direct request for files ending in .php with a 403 Forbidden.
- Common Exploits
Block common exploit requests with 403 Forbidden.
- Stop Hotlinking
Denies any request for static files (images, css, etc.) if the referrer is not the local site or empty.
- Safe Request Methods
Denies any request not using GET, PROPFIND, POST, OPTIONS, PUT, HEAD.
- Forbid Proxies
Denies any POST request using a proxy server. Can still access the site, but not comment. See Perishable Press.
- Real wp-comments-post.php
Denies any POST attempt made to a non-existing wp-comments-post.php.
- HTTP PROTOCOL
Denies any badly formed HTTP PROTOCOL in the request; 0.9, 1.0, and 1.1 only.
- SPECIFY CHARACTERS
Denies any request for a URL containing characters other than “a-zA-Z0-9.+/-?=&” - REALLY helps but may break your site depending on your links.
- BAD Content Length
Denies any POST request that doesn't have a Content-Length header.
- BAD Content Type
Denies any POST request with a content type other than application/x-www-form-urlencoded|multipart/form-data.
- Directory Traversal
Denies requests containing ../ or ./. which is a directory traversal exploit attempt.
- PHPSESSID Cookie
Only blocks when a PHPSESSID cookie is sent by the user and it contains characters other than 0-9a-z - *** Safe, Use
- NO HOST:
Denies requests that don't contain an HTTP HOST header.
- Bogus Graphics Exploit
Denies obvious exploit using bogus graphics.
- No UserAgent, No Post
Denies POST requests by blank user-agents. May prevent a small number of visitors from POSTING.
- No Referer, No Comment
Denies any comment attempt with a blank HTTP_REFERER field, highly indicative of spam.
- Trackback Spam
Denies obvious trackback spam. See Holy Shmoly!
- SSL-Only Site
Redirects all non-SSL (https) requests to your https-enabled URL.
- Anti-Spam, Anti-Exploits
Denies obvious spam and uses advanced mod_security protection.
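Several of the request filters listed above are strict enough to reject legitimate traffic (SPECIFY CHARACTERS "may break your site depending on your links"), so it helps to run your own URLs and requests through the stated limits before enabling them. The Python below is an added example, not the plugin's code: the function name `denied_by`, the regexes and the sample requests are assumptions built from the feature descriptions.

```python
import re

# Limits come from the feature list above; the regexes and matching logic are
# this example's reading of those descriptions, not the plugin's own rules.
SAFE_METHODS = {"GET", "PROPFIND", "POST", "OPTIONS", "PUT", "HEAD"}
HTTP_VERSIONS = {"HTTP/0.9", "HTTP/1.0", "HTTP/1.1"}
URL_ALLOWED = re.compile(r"[a-zA-Z0-9.+/\-?=&]*")
TRAVERSAL = re.compile(r"\.\./|\./\.")
POST_TYPES = ("application/x-www-form-urlencoded", "multipart/form-data")
SESSID = re.compile(r"(?:^|;\s*)PHPSESSID=([^;]*)")


def denied_by(method, url, version, headers):
    """Return the names of the listed rules that would deny this request."""
    h = {k.lower(): v for k, v in headers.items()}
    hits = []
    if method not in SAFE_METHODS:
        hits.append("Safe Request Methods")
    if version not in HTTP_VERSIONS:
        hits.append("HTTP PROTOCOL")
    if not URL_ALLOWED.fullmatch(url):
        hits.append("SPECIFY CHARACTERS")
    if TRAVERSAL.search(url):
        hits.append("Directory Traversal")
    if "host" not in h:
        hits.append("NO HOST")
    if method == "POST":
        if "content-length" not in h:
            hits.append("BAD Content Length")
        ctype = h.get("content-type", "").split(";")[0].strip().lower()
        if ctype not in POST_TYPES:
            hits.append("BAD Content Type")
        if not h.get("user-agent", "").strip():
            hits.append("No UserAgent, No Post")
    sess = SESSID.search(h.get("cookie", ""))
    if sess and not re.fullmatch(r"[0-9a-z]*", sess.group(1)):
        hits.append("PHPSESSID Cookie")
    return hits

# Constructed sample requests: (method, URL, protocol, headers).
SAMPLES = [
    ("GET", "/2009/05/my-post.html?page=2", "HTTP/1.1", {"Host": "blog.example"}),
    ("GET", "/wp-content/uploads/my_photo.png", "HTTP/1.1", {"Host": "blog.example"}),
    ("POST", "/wp-comments-post.php", "HTTP/1.1",
     {"Host": "blog.example", "Content-Type": "application/json", "User-Agent": "test"}),
]
if __name__ == "__main__":
    for method, url, version, headers in SAMPLES:
        print(method, url, "->", denied_by(method, url, version, headers) or "allowed")
```

Feeding it the URLs from your sitemap or access log shows which links the character allowlist would reject; the underscore in the second sample is one such case.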
Go get it tiger! ;)
Plugin page: www.askapache.com/wordpress/htaccess-password-protect.html