
The Perfect htaccess File For Your Wordpress Blog...Well, Almost Perfect...

Discussion in 'Blogging' started by Maruk, Mar 31, 2011.

  1. Maruk

    Maruk Power Member

    Joined:
    Jun 15, 2009
    Messages:
    562
    Likes Received:
    899
    First off, not my file, not my method. I got this from the following page:
    http://www.josiahcole.com/2007/07/11/almost-perfect-htaccess-file-for-wordpress-blogs/

    Code:
    # protect the htaccess file
    # (order/deny is Apache 2.2 syntax; Apache 2.4 needs mod_access_compat for it,
    #  or use "Require all denied" instead)
      <files .htaccess>
      order allow,deny
      deny from all
      </files>

    # disable the server signature
      ServerSignature Off

    # limit file uploads to 10mb
      LimitRequestBody 10240000

    # protect wp-config.php
      <files wp-config.php>
      order allow,deny
      deny from all
      </files>

    # who has access, who doesn't
      order allow,deny
      #deny from 000.000.000.000
      allow from all

    # custom error docs
      ErrorDocument 404 /notfound.php
      ErrorDocument 403 /forbidden.php
      ErrorDocument 500 /error.php

    # disable directory browsing
    # ("Options All -Indexes" mixes signed and unsigned options, which Apache 2.4 rejects)
      Options -Indexes

    # redirect old to new
      Redirect 301 /old.php http://www.yourdomain.com/new.php

    # block referring domains
      RewriteEngine on
      RewriteCond %{HTTP_REFERER} digg\.com [NC]
      RewriteRule .* ? [F]

    # disable hotlinking of images with forbidden or custom image option
    # (uncomment both conditions together with ONE of the rules; conditions left
    #  active without a rule would attach to the next RewriteRule in the file)
      RewriteEngine on
      #RewriteCond %{HTTP_REFERER} !^$
      #RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com/.*$ [NC]
      #RewriteRule \.(gif|jpg)$ ? [F]
      #RewriteRule \.(gif|jpg)$ http://www.yourdomain.com/stealingisbad.gif [R,L]

    # php compression ? use with caution
    # (only takes effect when the PHP 4 module is loaded)
      <ifmodule mod_php4.c>
      php_value zlib.output_compression 16386
      </ifmodule>

    # set the canonical url
      RewriteEngine On
      RewriteCond %{HTTP_HOST} ^yourdomain\.com$ [NC]
      RewriteRule ^(.*)$ http://www.yourdomain.com/$1 [R=301,L]

    # protect from spam comments
      RewriteEngine On
      RewriteCond %{REQUEST_METHOD} POST
      RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
      RewriteCond %{HTTP_REFERER} !.*yourdomain.com.* [OR]
      RewriteCond %{HTTP_USER_AGENT} ^$
    # the target is a plain URL: the regex anchors ^ and $ do not belong in the substitution
      RewriteRule (.*) http://%{REMOTE_ADDR}/ [R=301,L]
    Remove the comment # from the properties you want to use.
    Btw, I especially like the anti spam feature haha!

    Once again, if you need more details go to the source: http://www.josiahcole.com/2007/07/11/almost-perfect-htaccess-file-for-wordpress-blogs/
     
    • Thanks Thanks x 9
  2. socialmediaking

    socialmediaking Regular Member

    Joined:
    Feb 25, 2011
    Messages:
    201
    Likes Received:
    237
    Occupation:
    Making The World Mobile
    what does that last section actually do to fight the comment spam?
     
  3. Maruk

    Maruk Power Member

    Joined:
    Jun 15, 2009
    Messages:
    562
    Likes Received:
    899
    The code looks for the referer of the visitor and if it is anything other than your blog url the spambot (SB) will be redirected.
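
The condition chain described in this post, modelled in Python as an added example (it is not part of the thread or of the linked article). It evaluates the four `RewriteCond` lines of the "protect from spam comments" block against constructed sample requests; `STRICT_RULE` is an assumed tightening of the Referer pattern, and the function names are hypothetical.

```python
import re

# The four RewriteCond lines from the post: (variable, pattern, has [OR] flag).
SPAM_RULE = [
    ("REQUEST_METHOD", r"POST", False),
    ("REQUEST_URI", r".wp-comments-post\.php*", False),
    ("HTTP_REFERER", r"!.*yourdomain.com.*", True),
    ("HTTP_USER_AGENT", r"^$", False),
]
# Assumed tightening (not from the thread): anchor the Referer to the site's host.
STRICT_RULE = list(SPAM_RULE)
STRICT_RULE[2] = ("HTTP_REFERER", r"!^https?://(www\.)?yourdomain\.com/", True)


def cond_matches(value, pattern):
    """Unanchored regex search; a leading '!' negates, as in mod_rewrite."""
    negate = pattern.startswith("!")
    hit = re.search(pattern[1:] if negate else pattern, value) is not None
    return hit != negate


def rule_fires(request, rule=SPAM_RULE):
    """True when the RewriteRule runs, i.e. the comment POST is redirected away."""
    # Conditions are ANDed; one flagged [OR] is ORed with the one after it.
    group = False
    for variable, pattern, or_next in rule:
        group = group or cond_matches(request.get(variable, ""), pattern)
        if not or_next:  # end of an OR-group: it must have matched
            if not group:
                return False
            group = False
    return True


def req(method="POST", uri="/wp-comments-post.php", referer="", agent="Mozilla/5.0"):
    return {"REQUEST_METHOD": method, "REQUEST_URI": uri,
            "HTTP_REFERER": referer, "HTTP_USER_AGENT": agent}

# Constructed sample requests.
SAMPLES = {
    "comment from article page": req(referer="http://www.yourdomain.com/post/"),
    "no Referer (bot, or browser that strips it)": req(),
    "empty User-Agent": req(referer="http://www.yourdomain.com/post/", agent=""),
    "other host, name in query": req(referer="http://example.net/?u=yourdomain.com"),
    "plain GET": req(method="GET", uri="/post/"),
}

def verdicts(rule=SPAM_RULE):
    return {name: rule_fires(r, rule) for name, r in SAMPLES.items()}
```

The second sample shows the cost of the rule: a reader whose browser sends no Referer is redirected exactly like a bot. Referer and User-Agent are client-supplied headers, so the rule filters careless bots rather than authenticating commenters.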
     
  4. socialmediaking

    socialmediaking Regular Member

    Joined:
    Feb 25, 2011
    Messages:
    201
    Likes Received:
    237
    Occupation:
    Making The World Mobile
    will this work? i am looking for a solution to stop blog commenting on all of my blogs, which is kind of ironic because on the other end, i'm using sb to spam others' blogs lol.
     
  5. Maruk

    Maruk Power Member

    Joined:
    Jun 15, 2009
    Messages:
    562
    Likes Received:
    899
    Yes this will work.
     
  6. darrensss

    darrensss Power Member

    Joined:
    Jun 10, 2010
    Messages:
    697
    Likes Received:
    79
    hey, thanks for the share ... would you be so kind to explain what each section/command does? i could really do with protecting my blogs by .htaccess but i don't really understand what it all means?
     
  7. m0g0l

    m0g0l BANNED BANNED

    Joined:
    Sep 8, 2010
    Messages:
    224
    Likes Received:
    5,000
    hello there what does this thing do? for what is this? sorry for my stupidity i just want to know what is this and purpose of doing that. Thanks.
     
  8. trigger_my_passion

    trigger_my_passion Junior Member

    Joined:
    Oct 2, 2008
    Messages:
    108
    Likes Received:
    483
    Another option is to use BulletProof Security plugin. It secures .htaccess.

    Code:
    http://www.ait-pro.com/aitpro-blog/1166/bulletproof-security-plugin-support/bulletproof-security-plugin-guide-bps-version-45/
     
  9. Maruk

    Maruk Power Member

    Joined:
    Jun 15, 2009
    Messages:
    562
    Likes Received:
    899
    Every block of code has a line of comment that tells you exactly what that code does. I don't really know how to make it more clear :(
     
  10. aasmaforu

    aasmaforu Registered Member

    Joined:
    Apr 30, 2010
    Messages:
    61
    Likes Received:
    32
    Hey thanx for the great share :thinking:
     
  11. solventnine

    solventnine Junior Member

    Joined:
    Dec 4, 2009
    Messages:
    113
    Likes Received:
    16
    Thanks for the share!

    I also like creating a db.php file outside of public_html/ with all of the stuff that should be secure (like database user, pass, host, etc) and then calling that in wp-config.php as
    Code:
    require('../db.php');
     
  12. snwbrdstylee

    snwbrdstylee Registered Member

    Joined:
    Aug 12, 2008
    Messages:
    73
    Likes Received:
    22
    Hmmm, how would I use the spammer redirect to have it redirect to Matt Cutts' blog? I'd really love for him to have all of my blog's SB spam.
     
    Last edited: Apr 7, 2011
  13. socialmediaking

    socialmediaking Regular Member

    Joined:
    Feb 25, 2011
    Messages:
    201
    Likes Received:
    237
    Occupation:
    Making The World Mobile
    haha i like that idea
     
  14. solventnine

    solventnine Junior Member

    Joined:
    Dec 4, 2009
    Messages:
    113
    Likes Received:
    16
    Change the final rewrite rule (take the spaces out of ht tp)
    Code:
    RewriteRule (.*) ^ht tp://%{REMOTE_ADDR}/$ [R=301,L]
    to
    Code:
    RewriteRule (.*) ^ht tp://ENTER_URL_HERE [R=301,L]
    Of course...the recipient domain could track the originating IP and referrer. You could redirect to anything you want extra clicks on and you don't mind providing the referrer...
     
  15. solventnine

    solventnine Junior Member

    Joined:
    Dec 4, 2009
    Messages:
    113
    Likes Received:
    16
    If you get hit with a ton of spam comments, you could alternately redirect those to a site you want extra traffic on.
     
  16. AquaClean

    AquaClean Regular Member

    Joined:
    Oct 4, 2010
    Messages:
    260
    Likes Received:
    401
    Thanks for the share will put it to use.