Skip to content

Credits

Jump to bottom
Jay Holtslander edited this page Jul 13, 2017 · 1 revision

Overview

This file is a mish-mash of content pulled from various sources. It's divided into a couple sections.

  • Tweaks
    • Show The Admin’s Email Address In Apache Error Messages
    • Remove Server Signature Completely
    • Block Access To Directories Without A Default Document
    • Prevent Image Hotlinking
    • Allow Cross-Origin Requests
    • Send The Cors Header For Images When Browsers Request It
    • Cross-Origin Web Fonts
    • Custom Error Pages
    • Prevents Overzealous 404 Errors From Apache
    • Turn Off Directory Indexing
    • Increase Maximum Upload File Size (Optional)
    • Add Support For Svg And Htc
    • Redirect All Wordpress Feeds To Feedburner
    • Block Access To Any Source Files
    • Force Internet Explorer 8/9/10 To Render Pages In The Highest Mode
    • Change URL
    • Force SSL
    • Serve Resources With The Proper Media Types (Mime Types)
    • Character Encodings As UTF-8
  • Performance
    • Compress With Gzip
    • Mod_Deflate
    • Force Compression For Mangled Accept-Encoding Request Headers
    • Compress Media Types
    • Google's Mod_Pagespeed
    • Expire Headers
    • Begin Cache-Control Headers
    • Enable Keep-Alive
    • Disable Etag
  • Security
    • Block Wordpress xmlrpc.php Requests
    • Block Individual Ip Addresses
    • Strong Htaccess Protection
    • Remove The X-Powered-By Response Header
    • Recognize Ssl When Set At A Load Balancer/Proxy Level (For Cloudflare)
    • Prevent Wordpress Version Exposure In Readme.Html
    • Disable Http Trace
    • Block Access To Hidden Files & Directories
    • Block Access To Files That Can Expose Sensitive Information
    • Disable Access To Wordpress Wp-Config File
    • Disable Access To Sftp-Config.Json
    • Disable Access To Includes.
    • Pass The Default Character Set
    • Redirect Spammer Attacks To Bogus Site
    • Deny No Referer Requests - http://www.wprecipes.com/how-to-deny-comment-posting-to-no-referrer-requests
    • Block Browser Access To Log Files
    • Stop Wordpress Username Enumeration Vulnerability
    • Wp Hardening Security Headers
    • Block Common Malicious Bot Queries
    • Abuse User Agents Blocking - Blocking User Agents Stops Traffic From The Named Bots Below
    • 2014 Micro Blacklist Plus Malicious Bots And Search Spiders.
    • Start Bad Bot Prevention
    • Block Specific Sites From Stealing Bandwidth By Hotlinking To Images
    • Abuse Http Referrer Blocking - Blocking Referrer Domains Stops Traffic Originating From The Specified Domains
  • 301 Redirects

Various sources of all this goodness

Clone this wiki locally