hardening your site
Hardening site
Setting your file permissions correctly is very important, too.
Directories 755
Files 644
.htaccess 600
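# NOTE: the substitution in the first RewriteRule must be a plain ASCII "-"
# (meaning "leave the URL unchanged"). A typographic dash pasted from a web page
# is read as a literal target path and breaks the rule.
# BEGIN WordPress
# The directives (lines) between `BEGIN WordPress` and `END WordPress` are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress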
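# Add everything below AFTER the "# END WordPress" marker, so WordPress does not
# overwrite it when it regenerates its own block.

# Protect the config file: wp-config.php holds the database credentials and the
# auth keys/salts, so it must never be served over HTTP.
# Apache 2.4 uses "Require"; the Order/Deny form is Apache 2.2 syntax that only
# works on 2.4 when mod_access_compat is loaded. Both are provided here so the
# rule does not fail with a 500 error on either version.
# (Needs AllowOverride AuthConfig on 2.4, or Limit on 2.2, to work from .htaccess.)
<Files "wp-config.php">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>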
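# Disable directory browsing: without an index file, Apache would otherwise list
# every file in the directory (backups, logs, plugin files) to any visitor.
# Only "-Indexes" is used: Apache 2.4 rejects an Options line that mixes
# prefixed (+/-) and unprefixed keywords, and "All" would additionally switch on
# features such as ExecCGI and Includes that a hardened site does not want.
Options -Indexes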
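# Disable hot linking (variant 1: block every foreign site).
# Use either this variant or the search-engine-friendly variant on this page, not both.
# Replace "mariapoulos" with your own full domain; escape the dots (example\.com)
# and end the host with (/|$) so look-alike hosts do not match.
# The Referer header is supplied by the client and can be omitted or forged, so
# this saves bandwidth but is not an access control.
RewriteEngine on
# Allow requests that send no Referer at all (direct visits, privacy tools).
RewriteCond %{HTTP_REFERER} !^$
# Allow requests whose Referer is this site.
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?mariapoulos [NC]
# Everything else asking for an image gets 403 Forbidden.
# The "-" must be a plain ASCII hyphen (no substitution).
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]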
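# Disable hot linking but allow Google, Bing and Yahoo to link (variant 2).
# Change flyingclouddesignshop.com to your own domain.
# Dots in host names are escaped and each host ends with (/|$): unescaped and
# unanchored, a pattern like "google.com" also accepts look-alike hosts such as
# google.com.<anything>.
# The Referer header is supplied by the client and can be omitted or forged, so
# this saves bandwidth but is not an access control.
RewriteEngine on
# Allow requests that send no Referer at all.
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?flyingclouddesignshop\.com(/|$) [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google\.com(/|$) [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing\.com(/|$) [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yahoo\.com(/|$) [NC]
# Never rewrite the replacement image itself: it is a .png on this site, so a
# hot-linked request would otherwise be redirected to it again and again.
RewriteCond %{REQUEST_URI} !/affordable-logos-at-flying-cloud-design-1\.png$ [NC]
# Everyone else receives the replacement image instead of the requested one.
RewriteRule \.(jpg|jpeg|png|gif|svg)$ https://flyingclouddesignshop.com/wp-content/uploads/2020/05/affordable-logos-at-flying-cloud-design-1.png [NC,R,L]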
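# Protect .htaccess itself: deny HTTP access to any file whose name contains
# ".hta" (.htaccess and copies or backups of it), since these files reveal the
# site's rewrite and access rules.
# The quotes must be plain ASCII double quotes, and each directive must be on
# its own line; typographic quotes or a directive on the <Files> line make
# Apache reject the file.
# "Require" is the Apache 2.4 form; Order/Deny/Satisfy is the Apache 2.2 form.
<Files ~ "^.*\.([Hh][Tt][Aa])">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
        Satisfy all
    </IfModule>
</Files>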
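# Next steps
# Create a NEW, separate .htaccess file and put it into the wp-content directory
# (do not append this to the root .htaccess, where it would block the whole site).
# It denies direct HTTP access to everything under wp-content, including PHP
# files dropped into uploads or a plugin folder, and then re-allows only static
# asset types. WordPress still loads plugin and theme PHP internally.
# Test after deploying: file types not listed below (fonts, svg, webp, pdf, ...)
# will return 403 until you add their extensions to the list.
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
# The dot is escaped so only a real file extension matches; unescaped, "." means
# "any character" and names merely ending in e.g. "js" would also be allowed.
# Quotes must be plain ASCII double quotes.
<Files ~ "\.(xml|css|jpe?g|png|gif|js)$">
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        Allow from all
    </IfModule>
</Files>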
thanks to :