# ===================================== # BASIC SECURITY HARDENING # ===================================== # Protect wp-config Require all denied # Protect .htaccess Require all denied # Disable directory browsing Options -Indexes # Block access to sensitive files Require all denied # ===================================== # BLOCK COMMON EXPLOITS # ===================================== RewriteEngine On # Block base64 injections RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR] # Block script injections RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR] # Block GLOBALS & _REQUEST RewriteCond %{QUERY_STRING} GLOBALS(=|\[) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|\[) RewriteRule .* - [F,L] # ===================================== # BLOCK PHP EXECUTION IN UPLOADS # ===================================== RewriteRule ^wp-content/uploads/.*\.php$ - [F,L] # ===================================== # WORDPRESS CORE RULES # ===================================== RewriteEngine On RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME}