{"id":20716658,"url":"https://github.com/jurerotar/wordpress-security-and-performance","last_synced_at":"2025-04-23T13:21:42.078Z","repository":{"id":188790749,"uuid":"302660347","full_name":"jurerotar/Wordpress-security-and-performance","owner":"jurerotar","description":"Apache configuration and useful functions for more secure and performant Wordpress sites.","archived":false,"fork":false,"pushed_at":"2025-03-11T08:02:55.000Z","size":52,"stargazers_count":24,"open_issues_count":0,"forks_count":4,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-30T00:04:10.731Z","etag":null,"topics":["apache","htaccess","php","security","wordpress","wordpress-development","wordpress-security","wp"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jurerotar.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-10-09T14:10:45.000Z","updated_at":"2025-03-17T12:35:16.000Z","dependencies_parsed_at":"2023-08-16T22:04:35.755Z","dependency_job_id":"e2a0903f-9670-47d4-982b-51c925b582c9","html_url":"https://github.com/jurerotar/Wordpress-security-and-performance","commit_stats":null,"previous_names":["jurerotar/wordpress-security-and-performance"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jurerotar%2FWordpress-security-and-performance","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jurerotar%2FWordpress-security-and-performance/tags","releases_url":"https://repos.eco
syste.ms/api/v1/hosts/GitHub/repositories/jurerotar%2FWordpress-security-and-performance/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jurerotar%2FWordpress-security-and-performance/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jurerotar","download_url":"https://codeload.github.com/jurerotar/Wordpress-security-and-performance/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250439371,"owners_count":21430839,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["apache","htaccess","php","security","wordpress","wordpress-development","wordpress-security","wp"],"created_at":"2024-11-17T03:06:26.542Z","updated_at":"2025-04-23T13:21:42.058Z","avatar_url":"https://github.com/jurerotar.png","language":"PHP","readme":"# Apache configuration for secure and performant WordPress sites\n\nApache configuration for secure and performant WordPress sites. Some of these rules may not work with your WordPress installation, so test settings before deploying.\n\n## Apache and PHP settings\n\n### Hide PHP errors\nHide any errors from showing. 
Errors can be used by attackers to gain information about your system.\n```apache\n# Hide any errors from showing\nphp_flag display_errors Off\n```\n\n### Disable directory browsing\nDisable directory browsing\n```apache\n# Disable directory browsing\nOptions All -Indexes\n```\n\n### Disable server signature\nDisables the server signature\n```apache\n# Disables the server signature\nServerSignature Off\n```\n\n### Set default charset\nSet default charset\n```apache\n# Set default charset\nAddDefaultCharset UTF-8\n```\n\n## Deny access\n\n### Deny access to important core files\nPrevent access to important files in the root folder. Attackers can use the information in these files to gain important information about your WordPress installation and server settings.\n```apache\n# Prevent access to important files\n\u003cFilesMatch \"^.*(readme.html|debug.log|error_log|wp-config\\.php|php.ini|\\.[hH][tT][aApP].*)$\"\u003e\n    Order Deny,Allow\n    Deny from all\n\u003c/FilesMatch\u003e\n```\n\n### Deny access to login page\nPreventing unknown computers from accessing your login page can easily prevent brute-force attacks on your website.\n```apache\n# Disable login access from all except your IP\n\u003cFilesMatch \"wp-login.php\"\u003e\n    Order Deny,Allow\n    Deny from all\n    Allow from xxx.xxx.xxx.xxx\n\u003c/FilesMatch\u003e\n```\n\n### Force encrypted connection\n```apache\n# Force encrypted connection\n\u003cIfModule mod_rewrite.c\u003e\n    RewriteEngine On\n    RewriteCond %{HTTPS} off\n    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]\n\u003c/IfModule\u003e\n```\n\n### Blocks some XSS attacks\n```apache\n# Blocks some XSS attacks\n\u003cIfModule mod_rewrite.c\u003e\n    RewriteEngine On\n    # Reject query strings that carry a (possibly URL-encoded) script tag\n    RewriteCond %{QUERY_STRING} (\\\u003c|%3C).*script.*(\\\u003e|%3E) [NC,OR]\n    # Reject attempts to set PHP GLOBALS or _REQUEST via the query string\n    RewriteCond %{QUERY_STRING} GLOBALS(=|\\[|\\%[0-9A-Z]{0,2}) [OR]\n    RewriteCond %{QUERY_STRING} _REQUEST(=|\\[|\\%[0-9A-Z]{0,2})\n    RewriteRule .* index.php [F,L]\n\u003c/IfModule\u003e\n```\n\n### Hide `wp-includes` folder\nThe `wp-includes` folder 
contains core files for your WordPress installation. Visitors never need to request these files directly, so access to them should be blocked.\n```apache\n# Blocks all wp-includes folders and files\n\u003cIfModule mod_rewrite.c\u003e\n    RewriteEngine On\n    RewriteBase /\n    RewriteRule ^wp-admin/includes/ - [F,L]\n    RewriteRule !^wp-includes/ - [S=3]\n    RewriteRule ^wp-includes/[^/]+\\.php$ - [F,L]\n    RewriteRule ^wp-includes/js/tinymce/langs/.+\\.php - [F,L]\n    RewriteRule ^wp-includes/theme-compat/ - [F,L]\n\u003c/IfModule\u003e\n```\n\n### Restrict access to PHP files in plugin and theme directories\nRestricts access to PHP files from plugin and theme directories\n```apache\n# Restricts access to PHP files from plugin and theme directories\n#RewriteCond %{REQUEST_URI} !^/wp-content/plugins/file-to-exclude\\.php\n#RewriteCond %{REQUEST_URI} !^/wp-content/plugins/directory-to-exclude/\nRewriteRule wp-content/plugins/(.*\\.php)$ - [R=404,L]\n#RewriteCond %{REQUEST_URI} !^/wp-content/themes/file-to-exclude\\.php\n#RewriteCond %{REQUEST_URI} !^/wp-content/themes/directory-to-exclude/\nRewriteRule wp-content/themes/(.*\\.php)$ - [R=404,L]\n```\n\n## Security and performance headers\n\n```apache\n# Security and performance headers\n\n\u003cIfModule mod_headers.c\u003e\n    # X-Frame-Options\n    Header set X-Frame-Options \"SAMEORIGIN\"\n\n    # Prevents browsers from interpreting files as a different MIME type, reducing the risk of security vulnerabilities like MIME-sniffing attacks\n    Header set X-Content-Type-Options \"nosniff\"\n\n    # Strict-Transport-Security\n    Header always set Strict-Transport-Security \"max-age=63072000; includeSubDomains\"\n\n    # Content-Security-Policy\n    Header set Content-Security-Policy \"default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'\"\n\n    # Hide X-Powered-By header\n    Header unset X-Powered-By\n\n    # The 'Referrer Policy' header controls what information is passed on to the next site whenever a link is clicked on your site.\n 
   Header set Referrer-Policy \"no-referrer-when-downgrade\"\n\n    # Disallows cross-domain policy files for Adobe clients (Flash, Acrobat)\n    Header set X-Permitted-Cross-Domain-Policies \"none\"\n\n    # Disables the ETag Header\n    Header unset ETag\n\n    # Set site features\n    Header set Feature-Policy \"camera 'none'; fullscreen 'self'; geolocation *; microphone 'none'\"\n\n    # Set permission policy header\n    Header set Permissions-Policy \"geolocation=(*), microphone=(), camera=(), fullscreen=(self)\"\n    \n    # Enables Cross-Site Scripting (XSS) filtering in browsers, providing basic protection against XSS attacks\n    Header set X-XSS-Protection \"1; mode=block\"\n\u003c/IfModule\u003e\n```\n\n## Block bad bots\n\nBlock spambots (Updated 8.8.2024)\n```apache\n# Block spambots (Updated 8.8.2024)\n# https://perishablepress.com/4g-ultimate-user-agent-blacklist/\n\u003cIfModule mod_rewrite.c\u003e\nRewriteEngine on\nRewriteCond %{HTTP_USER_AGENT} ^$|\\\u003c|\\\u003e|\\'|\\%|\\_iRc|\\_Works|\\@\\$x|\\\u003c\\?|\\$x0e|\\+select\\+|\\+union\\+|1\\,\\1\\,1\\,|2icommerce|3GSE|4all|59\\.64\\.153\\.|88\\.0\\.106\\.|98|85\\.17\\.|A\\_Browser|ABAC|Abont|abot|Accept|Access|Accoo|AceFTP|Acme|ActiveTouristBot|Address|Adopt|adress|adressendeutschland|ADSARobot|agent|ah\\-ha|Ahead|AESOP\\_com\\_SpiderMan|aipbot|Alarm|Albert|Alek|Alexibot|Alligator|AllSubmitter|alma|almaden|ALot|Alpha|aktuelles|Akregat|Amfi|amzn\\_assoc|Anal|Anarchie|andit|Anon|AnotherBot|Ansearch|AnswerBus|antivirx|Apexoo|appie|Aqua_Products|Arachmo|archive|arian|ASPSe|ASSORT|aster|Atari|ATHENS|AtHome|Atlocal|Atomic_Email_Hunter|Atomz|Atrop|^attach|attrib|autoemailspider|autohttp|axod|batch|b2w|Back|BackDoorBot|BackStreet|BackWeb|Badass|Baid|Bali|Bandit|Baidu|Barry|BasicHTTP|BatchFTP|bdfetch|beat|Become|Beij|BenchMark|berts|bew|big.brother|Bigfoot|Bilgi|Bison|Bitacle|Biz360|Black|Black.Hole|BlackWidow|bladder.fusion|Blaiz|Blog.Checker|Blogl|BlogPeople|Blogshares.Spiders|Bloodhound|Blow|bmclient|Board|BOI|boitho|Bond|Bookmark.se
arch.tool|boris|Bost|Boston.Project|BotRightHere|Bot.mailto:craftbot@yahoo.com|BotALot|botpaidtoclick|botw|brandwatch|BravoBrian|Brok|Bropwers|Broth|browseabit|BrowseX|Browsezilla|Bruin|bsalsa|Buddy|Build|Built|Bulls|bumblebee|Bunny|Busca|Busi|Buy|bwh3|c\\-spider|CafeK|Cafi|camel|Cand|captu|Catch|cd34|Ceg|CFNetwork|cgichk|Cha0s|Chang|chaos|Char|char\\(32\\,35\\)|charlotte|CheeseBot|Chek|CherryPicker|chill|ChinaClaw|CICC|Cisco|Cita|Clam|Claw|Click.Bot|clipping|clshttp|Clush|COAST|ColdFusion|Coll|Comb|commentreader|Compan|contact|Control|contype|Conc|Conv|Copernic|Copi|Copy|Coral|Corn|core-project|cosmos|costa|cr4nk|crank|craft|Crap|Crawler0|Crazy|Cres|cs\\-CZ|cuill|Curl|Custo|Cute|CSHttp|Cyber|cyberalert|^DA$|daoBot|DARK|Data|Daten|Daum|dcbot|dcs|Deep|DepS|Detect|Deweb|Diam|Digger|Digimarc|digout4uagent|DIIbot|Dillo|Ding|DISC|discobot|Disp|Ditto|DLC|DnloadMage|DotBot|Doubanbot|Download|Download.Demon|Download.Devil|Download.Wonder|Downloader|drag|DreamPassport|Drec|Drip|dsdl|dsok|DSurf|DTAAgent|DTS|Dual|dumb|DynaWeb|e\\-collector|eag|earn|EARTHCOM|EasyDL|ebin|EBM-APPLE|EBrowse|eCatch|echo|ecollector|Edco|edgeio|efp\\@gmx\\.net|EirGrabber|email|Email.Extractor|EmailCollector|EmailSearch|EmailSiphon|EmailWolf|Emer|empas|Enfi|Enhan|Enterprise\\_Search|envolk|erck|EroCr|ESurf|Eval|Evil|Evere|EWH|Exabot|Exact|EXPLOITER|Expre|Extra|ExtractorPro|EyeN|FairAd|Fake|FANG|FAST|fastlwspider|FavOrg|Favorites.Sweeper|Faxo|FDM\\_1|FDSE|fetch|FEZhead|Filan|FileHound|find|Firebat|Firefox.2\\.0|Firs|Flam|Flash|FlickBot|Flip|fluffy|flunky|focus|Foob|Fooky|Forex|Forum|ForV|Fost|Foto|Foun|Franklin.Locator|freefind|FreshDownload|FrontPage|FSurf|Fuck|Fuer|futile|Fyber|Gais|GalaxyBot|Galbot|Gamespy\\_Arcade|GbPl|Gener|geni|Geona|Get|gigabaz|Gira|Ginxbot|gluc|glx.?v|gnome|Go.Zilla|Goldfire|Google.Wireless.Transcoder|Googlebot\\-Image|Got\\-It|GOFORIT|gonzo|GornKer|GoSearch|^gotit$|gozilla|grab|Grabber|GrabNet|Grub|Grup|Graf|Green.Research|grub|grub\\-client|gsa\\-cra|GSearch|GT\\:\\:WWW|Guide
Bot|guruji|gvfs|Gyps|hack|haha|hailo|Harv|Hatena|Hax|Head|Helm|herit|hgre|hhjhj\\@yahoo|Hippo|hloader|HMView|holm|holy|HomePageSearch|HooWWWer|HouxouCrawler|HMSE|HPPrint|htdig|HTTPConnect|httpdown|http.generic|HTTPGet|httplib|HTTPRetriever|HTTrack|human|Huron|hverify|Hybrid|Hyper|ia\\_archiver|iaskspi|IBM\\_Planetwide|iCCra|ichiro|ID\\-Search|IDA|IDBot|IEAuto|IEMPT|iexplore\\.exe|iGetter|Ilse|Iltrov|Image|Image.Stripper|Image.Sucker|imagefetch|iimds\\_monitor|Incutio|IncyWincy|Indexer|Industry.Program|Indy|InetURL|informant|InfoNav|InfoTekies|Ingelin|Innerpr|Inspect|InstallShield.DigitalWizard|Insuran\\.|Intellig|Intelliseek|InterGET|Internet.Ninja|Internet.x|Internet\\_Explorer|InternetLinkagent|InternetSeer.com|Intraf|IP2|Ipsel|Iria|IRLbot|Iron33|Irvine|ISC\\_Sys|iSilo|ISRCCrawler|ISSpi|IUPUI.Research.Bot|Jady|Jaka|Jam|^Java|java\\/|Java\\(tm\\)|JBH.agent|Jenny|JetB|JetC|jeteye|jiro|JoBo|JOC|jupit|Just|Jyx|Kapere|kash|Kazo|KBee|Kenjin|Kernel|Keywo|KFSW|KKma|Know|kosmix|KRAE|KRetrieve|Krug|ksibot|ksoap|Kum|KWebGet|Lachesis|lanshan|Lapo|larbin|leacher|leech|LeechFTP|LeechGet|leipzig\\.de|Lets|Lexi|lftp|Libby|libcrawl|libcurl|libfetch|libghttp|libWeb|libwhisker|libwww|libwww\\-FM|libwww\\-perl|LightningDownload|likse|Linc|Link|Link.Sleuth|LinkextractorPro|Linkie|LINKS.ARoMATIZED|LinkScan|linktiger|LinkWalker|Lint|List|lmcrawler|LMQ|LNSpiderguy|loader|LocalcomBot|Locu|London|lone|looksmart|loop|Lork|LTH\\_|lwp\\-request|LWP|lwp-request|lwp-trivial|Mac.Finder|Macintosh\\;.I\\;.PPC|Mac\\_F|magi|Mag\\-Net|Magnet|Magp|Mail.Sweeper|main|majest|Mam|Mana|MarcoPolo|mark.blonin|MarkWatch|MaSagool|Mass|Mass.Downloader|Mata|mavi|McBot|Mecha|MCspider|mediapartners|^Memo|MEGAUPLOAD|MetaProducts.Download.Express|Metaspin|Mete|Microsoft.Data.Access|Microsoft.URL|Microsoft\\_Internet\\_Explorer|MIDo|MIIx|miner|Mira|MIRE|Mirror|Miss|Missauga|Missigua.Locator|Missouri.College.Browse|Mist|Mizz|MJ12|mkdb|mlbot|MLM|MMMoCrawl|MnoG|moge|Moje|Monster|Monza.Browser|Mooz|Moreoverbot|MOT\\-MPx2
20|mothra\\/netscan|mouse|MovableType|Mozdex|Mozi\\!|^Mozilla$|Mozilla\\/1\\.22|Mozilla\\/22|^Mozilla\\/3\\.0.\\(compatible|Mozilla\\/3\\.Mozilla\\/2\\.01|Mozilla\\/4\\.0\\(compatible|Mozilla\\/4\\.08|Mozilla\\/4\\.61.\\(Macintosh|Mozilla\\/5\\.0|Mozilla\\/7\\.0|Mozilla\\/8|Mozilla\\/9|Mozilla\\:|Mozilla\\/Firefox|^Mozilla.*Indy|^Mozilla.*NEWT|^Mozilla*MSIECrawler|Mp3Bot|MPF|MRA|MS.FrontPage|MS.?Search|MSFrontPage|MSIE\\_6\\.0|MSIE6|MSIECrawler|msnbot\\-media|msnbot\\-Products|MSNPTC|MSProxy|MSRBOT|multithreaddb|musc|MVAC|MWM|My\\_age|MyApp|MyDog|MyEng|MyFamilyBot|MyGetRight|MyIE2|mysearch|myurl|NAG|NAMEPROTECT|NASA.Search|nationaldirectory|Naver|Navr|Near|NetAnts|netattache|Netcach|NetCarta|Netcraft|NetCrawl|NetMech|netprospector|NetResearchServer|NetSp|Net.Vampire|netX|NetZ|Neut|newLISP|NewsGatorInbox|NEWT|NEWT.ActiveX|Next|^NG|NICE|nikto|Nimb|Ninja|Ninte|NIPGCrawler|Noga|nogo|Noko|Nomad|Norb|noxtrumbot|NPbot|NuSe|Nutch|Nutex|NWSp|Obje|Ocel|Octo|ODI3|oegp|Offline|Offline.Explorer|Offline.Navigator|OK.Mozilla|omg|Omni|Onfo|onyx|OpaL|OpenBot|Openf|OpenTextSiteCrawler|OpenU|Orac|OrangeBot|Orbit|Oreg|osis|Outf|Owl|P3P|PackRat|PageGrabber|PagmIEDownload|pansci|Papa|Pars|Patw|pavu|Pb2Pb|pcBrow|PEAR|PEER|PECL|pepe|Perl|PerMan|PersonaPilot|Persuader|petit|PHP|PHP.vers|PHPot|Phras|PicaLo|Piff|Pige|pigs|^Ping|Pingd|PingALink|Pipe|Plag|Plant|playstarmusic|Pluck|Pockey|POE\\-Com|Poirot|Pomp|Port.Huron|Post|powerset|Preload|press|Privoxy|Probe|Program.Shareware|Progressive.Download|ProPowerBot|prospector|Provider.Protocol.Discover|ProWebWalker|Prowl|Proxy|Prozilla|psbot|PSurf|psycheclone|^puf$|Pulse|Pump|PushSite|PussyCat|PuxaRapido|PycURL|Pyth|PyQ|QuepasaCreep|Query|Quest|QRVA|Qweer|radian|Radiation|Rambler|RAMP|RealDownload|Reap|Recorder|RedCarpet|RedKernel|ReGet|relevantnoise|replacer|Repo|requ|Rese|Retrieve|Rip|Rix|RMA|Roboz|Rogue|Rover|RPT\\-HTTP|Rsync|RTG30|.ru\\)|ruby|Rufus|Salt|Sample|SAPO|Sauger|savvy|SBIder|SBP|SCAgent|scan|SCEJ\\_|Sched|Schizo|Schlong|Schmo|Scout|Sc
ooter|Scorp|ScoutOut|SCrawl|screen|script|SearchExpress|searchhippo|Searchme|searchpreview|searchterms|Second.Street.Research|Security.Kol|Seekbot|Seeker|Sega|Sensis|Sept|Serious|Sezn|Shai|Share|Sharp|Shaz|shell|shelo|Sherl|Shim|Shiretoko|ShopWiki|SickleBot|Simple|Siph|sitecheck|SiteCrawler|SiteSnagger|Site.Sniper|SiteSucker|sitevigil|SiteX|Sleip|Slide|Slurpy.Verifier|Sly|Smag|SmartDownload|Smurf|sna\\-|snag|Snake|Snapbot|Snip|Snoop|So\\-net|SocSci|sogou|Sohu|solr|sootle|Soso|SpaceBison|Spad|Span|spanner|Speed|Spegla|Sphere|Sphider|spider|SpiderBot|SpiderEngine|SpiderView|Spin|sproose|Spurl|Spyder|Squi|SQ.Webscanner|sqwid|Sqworm|SSM\\_Ag|Stack|Stamina|stamp|Stanford|Statbot|State|Steel|Strateg|Stress|Strip|studybot|Style|subot|Suck|Sume|sun4m|Sunrise|SuperBot|SuperBro|Supervi|Surf4Me|SuperHTTP|Surfbot|SurfWalker|Susi|suza|suzu|Sweep|sygol|syncrisis|Systems|Szukacz|Tagger|Tagyu|tAke|Talkro|TALWinHttpClient|tamu|Tandem|Tarantula|tarspider|tBot|TCF|Tcs\\/1|TeamSoft|Tecomi|Teleport|Telesoft|Templeton|Tencent|Terrawiz|Test|TexNut|trivial|Turnitin|The.Intraformant|TheNomad|Thomas|TightTwatBot|Timely|Titan|TMCrawler|TMhtload|toCrawl|Todobr|Tongco|topic|Torrent|Track|translate|Traveler|TREEVIEW|True|Tunnel|turing|Turnitin|TutorGig|TV33\\_Mercator|Twat|Tweak|Twice|Twisted.PageGetter|Tygo|ubee|UCmore|UdmSearch|UIowaCrawler|Ultraseek|UMBC|unf|UniversalFeedParser|unknown|UPG1|UtilMind|URLBase|URL.Control|URL\\_Spider\\_Pro|urldispatcher|URLGetFile|urllib|URLSpiderPro|URLy|User\\-Agent|UserAgent|USyd|Vacuum|vagabo|Valet|Valid|Vamp|vayala|VB\\_|VCI|VERI\\~LI|verif|versus|via|Viewer|virtual|visibilitygap|Visual|vobsub|Void|VoilaBot|voyager|vspider|VSyn|w\\:PACBHO60|w0000t|W3C|w3m|w3search|walhello|Walker|Wand|WAOL|WAPT|Watch|Wavefire|wbdbot|Weather|web.by.mail|Web.Data.Extractor|Web.Downloader|Web.Ima|Web.Mole|Web.Sucker|Web2Mal|Web2WAP|WebaltBot|WebAuto|WebBandit|Webbot|WebCapture|WebCat|webcraft\\@bea|Webclip|webcollage|WebCollector|WebCopier|WebCopy|WebCor|webcrawl|WebDat|WebDa
v|webdevil|webdownloader|Webdup|WebEMail|WebEMailExtrac|WebEnhancer|WebFetch|WebGo|WebHook|Webinator|WebInd|webitpr|WebFilter|WebFountain|WebLea|Webmaster|WebmasterWorldForumBot|WebMin|WebMirror|webmole|webpic|WebPin|WebPix|WebReaper|WebRipper|WebRobot|WebSauger|WebSite|Website.eXtractor|Website.Quester|WebSnake|webspider|Webster|WebStripper|websucker|WebTre|WebVac|webwalk|WebWasher|WebWeasel|WebWhacker|WebZIP|Wells|WEP\\_S|WEP.Search.00|WeRelateBot|wget|Whack|Whacker|whiz|WhosTalking|Widow|Win67|window.location|Windows.95\\;|Windows.95\\)|Windows.98\\;|Windows.98\\)|Winodws|Wildsoft.Surfer|WinHT|winhttp|WinHttpRequest|WinHTTrack|Winnie.Poh|wire|WISEbot|wisenutbot|wish|Wizz|WordP|Works|world|WUMPUS|Wweb|WWWC|WWWOFFLE|WWW\\-Collector|WWW.Mechanize|www.ranks.nl|wwwster|^x$|X12R1|x\\-Tractor|Xaldon|Xenu|XGET|xirq|Y\\!OASIS|Y\\!Tunnel|yacy|YaDirectBot|Yahoo\\-MMAudVid|YahooSeeker|YahooYSMcm|Yamm|Yand|yang|Yeti|Yoono|yori|Yotta|YTunnel|Zade|zagre|ZBot|Zeal|ZeBot|zerx|Zeus|ZIPCode|Zixy|zmao|Zyborg [NC]\nRewriteRule ^(.*)$ - [F,L]\n\u003c/IfModule\u003e\n```\n\n## Compression and cache\n\n### File compression\n```apache\n\u003cIfModule mod_deflate.c\u003e\n  AddOutputFilterByType DEFLATE application/javascript\n  AddOutputFilterByType DEFLATE application/rss+xml\n  AddOutputFilterByType DEFLATE application/vnd.ms-fontobject\n  AddOutputFilterByType DEFLATE application/x-font\n  AddOutputFilterByType DEFLATE application/x-font-opentype\n  AddOutputFilterByType DEFLATE application/x-font-otf\n  AddOutputFilterByType DEFLATE application/x-font-truetype\n  AddOutputFilterByType DEFLATE application/x-font-ttf\n  AddOutputFilterByType DEFLATE application/x-javascript\n  AddOutputFilterByType DEFLATE application/xhtml+xml\n  AddOutputFilterByType DEFLATE application/xml\n  AddOutputFilterByType DEFLATE font/opentype\n  AddOutputFilterByType DEFLATE font/otf\n  AddOutputFilterByType DEFLATE font/ttf\n  AddOutputFilterByType DEFLATE image/svg+xml\n  AddOutputFilterByType DEFLATE 
image/x-icon\n  AddOutputFilterByType DEFLATE text/css\n  AddOutputFilterByType DEFLATE text/html\n  AddOutputFilterByType DEFLATE text/javascript\n  AddOutputFilterByType DEFLATE text/plain\n  AddOutputFilterByType DEFLATE text/xml\n\u003c/IfModule\u003e\n```\n\n### Browser cache\n\n```apache\n# Enable browser caching\n\u003cIfModule mod_expires.c\u003e\n  ExpiresActive On\n\n  # Images\n  ExpiresByType image/jpeg \"access plus 1 year\"\n  ExpiresByType image/gif \"access plus 1 year\"\n  ExpiresByType image/png \"access plus 1 year\"\n  ExpiresByType image/webp \"access plus 1 year\"\n  ExpiresByType image/svg+xml \"access plus 1 year\"\n  ExpiresByType image/x-icon \"access plus 1 year\"\n\n  # Video\n  ExpiresByType video/webm \"access plus 1 year\"\n  ExpiresByType video/mp4 \"access plus 1 year\"\n  ExpiresByType video/mpeg \"access plus 1 year\"\n\n  # Fonts\n  ExpiresByType font/ttf \"access plus 1 year\"\n  ExpiresByType font/otf \"access plus 1 year\"\n  ExpiresByType font/woff \"access plus 1 year\"\n  ExpiresByType font/woff2 \"access plus 1 year\"\n  ExpiresByType application/font-woff \"access plus 1 year\"\n\n  # CSS, JavaScript\n  ExpiresByType text/css \"access plus 1 month\"\n  ExpiresByType text/javascript \"access plus 1 month\"\n  ExpiresByType application/javascript \"access plus 1 month\"\n\n  # Others\n  ExpiresByType application/pdf \"access plus 1 month\"\n  ExpiresByType image/vnd.microsoft.icon \"access plus 1 year\"\n\u003c/IfModule\u003e\n```\n\n## Optional settings\nAdd these options to your `.htaccess` only if your WordPress site does not need the functionality they disable.\n\n### Disable author pages\nDisabling author pages prevents bots and attackers from gaining registered user information (like usernames), which can be used in attacks.\n```apache\n# Disable author pages\n\u003cIfModule mod_rewrite.c\u003e\n    RewriteEngine On\n    RewriteBase /\n    RewriteCond %{REQUEST_URI}  ^/$\n    RewriteCond %{QUERY_STRING} 
^/?author=([0-9]*) [NC]\n    RewriteRule ^(.*)$ http://%{HTTP_HOST}/? [L,R=301,NC]\n\u003c/IfModule\u003e\n```\n\n### Block xmlrpc.php requests\nBlock WordPress xmlrpc.php requests\n```apache\n# Block WordPress xmlrpc.php requests\n\u003cFiles \"xmlrpc.php\"\u003e\n    Order Deny,Allow\n    Deny from all\n\u003c/Files\u003e\n```\n\n### Prevent image hot-linking\n```apache\n# Prevent image hotlinking\n\u003cIfModule mod_rewrite.c\u003e\n    RewriteEngine on\n    RewriteCond %{HTTP_REFERER} !^$\n    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\\.)?your-domain-here.com [NC]\n    RewriteRule \\.(jpg|jpeg|png|gif|webp)$ - [NC,F,L]\n\u003c/IfModule\u003e\n```\n\n### Prevent resources hot-linking\n```apache\n# Prevent resources hotlinking\n\u003cIfModule mod_rewrite.c\u003e\n    RewriteEngine on\n    RewriteCond %{HTTP_REFERER} !^$\n    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\\.)?your-domain-here.com [NC]\n    RewriteRule \\.(js|css)$ - [NC,F,L]\n\u003c/IfModule\u003e\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjurerotar%2Fwordpress-security-and-performance","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjurerotar%2Fwordpress-security-and-performance","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjurerotar%2Fwordpress-security-and-performance/lists"}