- # BEGIN iThemes Security - Do not modify or remove this line
- # iThemes Security Config Details: 2
- # Pass through Authorization header.
- <IfModule mod_rewrite.c>
- RewriteEngine On
- RewriteCond %{HTTP:Authorization} ^(.*)
- RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
- </IfModule>
- # Disable XML-RPC - Security > Settings > WordPress Tweaks > XML-RPC
- <files xmlrpc.php>
- <IfModule mod_authz_core.c>
- Require all denied
- </IfModule>
- <IfModule !mod_authz_core.c>
- Order allow,deny
- Deny from all
- </IfModule>
- </files>
- # Protect System Files - Security > Settings > System Tweaks > System Files
- <files .htaccess>
- <IfModule mod_authz_core.c>
- Require all denied
- </IfModule>
- <IfModule !mod_authz_core.c>
- Order allow,deny
- Deny from all
- </IfModule>
- </files>
- <files readme.html>
- <IfModule mod_authz_core.c>
- Require all denied
- </IfModule>
- <IfModule !mod_authz_core.c>
- Order allow,deny
- Deny from all
- </IfModule>
- </files>
- <files readme.txt>
- <IfModule mod_authz_core.c>
- Require all denied
- </IfModule>
- <IfModule !mod_authz_core.c>
- Order allow,deny
- Deny from all
- </IfModule>
- </files>
- <files wp-config.php>
- <IfModule mod_authz_core.c>
- Require all denied
- </IfModule>
- <IfModule !mod_authz_core.c>
- Order allow,deny
- Deny from all
- </IfModule>
- </files>
- # Disable Directory Browsing - Security > Settings > System Tweaks > Directory Browsing
- Options -Indexes
- <IfModule mod_rewrite.c>
- RewriteEngine On
- # Protect System Files - Security > Settings > System Tweaks > System Files
- RewriteRule ^wp-admin/install\.php$ - [F]
- RewriteRule ^wp-admin/includes/ - [F]
- RewriteRule !^wp-includes/ - [S=3]
- RewriteRule ^wp-includes/[^/]+\.php$ - [F]
- RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
- RewriteRule ^wp-includes/theme-compat/ - [F]
- RewriteCond %{REQUEST_FILENAME} -f
- RewriteRule (^|.*/)\.(git|svn)/.* - [F]
- # Disable PHP in Uploads - Security > Settings > System Tweaks > PHP in Uploads
- RewriteRule ^wp\-content/uploads/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]
- # Disable PHP in Plugins - Security > Settings > System Tweaks > PHP in Plugins
- RewriteRule ^wp\-content/plugins/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]
- # Disable PHP in Themes - Security > Settings > System Tweaks > PHP in Themes
- RewriteRule ^wp\-content/themes/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]
- # Filter Request Methods - Security > Settings > System Tweaks > Request Methods
- RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) [NC]
- RewriteRule ^.* - [F]
- # Filter Suspicious Query Strings in the URL - Security > Settings > System Tweaks > Suspicious Query Strings
- RewriteCond %{QUERY_STRING} \.\.\/ [OR]
- RewriteCond %{QUERY_STRING} \.(bash|git|hg|log|svn|swp|cvs) [NC,OR]
- RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
- RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
- RewriteCond %{QUERY_STRING} ftp: [NC,OR]
- RewriteCond %{QUERY_STRING} https?: [NC,OR]
- RewriteCond %{QUERY_STRING} (<|%3C)script(>|%3E) [NC,OR]
- RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
- RewriteCond %{QUERY_STRING} base64_decode\( [NC,OR]
- RewriteCond %{QUERY_STRING} %24&x [NC,OR]
- RewriteCond %{QUERY_STRING} 127\.0 [NC,OR]
- RewriteCond %{QUERY_STRING} (^|\W)(globals|encode|localhost|loopback)($|\W) [NC,OR]
- RewriteCond %{QUERY_STRING} (^|\W)(concat|insert|union|declare)($|\W) [NC,OR]
- RewriteCond %{QUERY_STRING} %[01][0-9A-F] [NC]
- RewriteCond %{QUERY_STRING} !^loggedout=true
- RewriteCond %{QUERY_STRING} !^action=jetpack-sso
- RewriteCond %{QUERY_STRING} !^action=rp
- RewriteCond %{HTTP_COOKIE} !wordpress_logged_in_
- RewriteCond %{HTTP_REFERER} !^http://maps\.googleapis\.com
- RewriteRule ^.* - [F]
- # Filter Non-English Characters - Security > Settings > System Tweaks > Non-English Characters
- RewriteCond %{QUERY_STRING} %[A-F][0-9A-F] [NC]
- RewriteRule ^.* - [F]
- </IfModule>
- # END iThemes Security - Do not modify or remove this line
- # BEGIN WordPress
- # The directives (lines) between "BEGIN WordPress" and "END WordPress" are
- # dynamically generated, and should only be modified via WordPress filters.
- # Any changes to the directives between these markers will be overwritten.
- <IfModule mod_rewrite.c>
- RewriteEngine On
- RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
- RewriteBase /
- RewriteRule ^index\.php$ - [L]
- RewriteCond %{REQUEST_FILENAME} !-f
- RewriteCond %{REQUEST_FILENAME} !-d
- RewriteRule . /index.php [L]
- </IfModule>
- # END WordPress
- # BEGIN WP-HUMMINGBIRD-CACHING
- # The directives (lines) between "BEGIN WP-HUMMINGBIRD-CACHING" and "END WP-HUMMINGBIRD-CACHING" are
- # dynamically generated, and should only be modified via WordPress filters.
- # Any changes to the directives between these markers will be overwritten.
- <IfModule mod_expires.c>
- ExpiresActive On
- ExpiresDefault A0
- <FilesMatch "\.(txt|xml|js)$">
- ExpiresDefault A31536000
- </FilesMatch>
- <FilesMatch "\.(css)$">
- ExpiresDefault A31536000
- </FilesMatch>
- <FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
- ExpiresDefault A31536000
- </FilesMatch>
- <FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
- ExpiresDefault A31536000
- </FilesMatch>
- </IfModule>
- <IfModule mod_headers.c>
- <FilesMatch "\.(txt|xml|js)$">
- Header set Cache-Control "max-age=31536000"
- </FilesMatch>
- <FilesMatch "\.(css)$">
- Header set Cache-Control "max-age=31536000"
- </FilesMatch>
- <FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
- Header set Cache-Control "max-age=31536000"
- </FilesMatch>
- <FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
- Header set Cache-Control "max-age=31536000"
- </FilesMatch>
- </IfModule>
- # END WP-HUMMINGBIRD-CACHING
- # BEGIN WP Performance Score Booster Settings
- # The directives (lines) between "BEGIN WP Performance Score Booster Settings" and "END WP Performance Score Booster Settings" are
- # dynamically generated, and should only be modified via WordPress filters.
- # Any changes to the directives between these markers will be overwritten.
- ## BEGIN GZIP Compression ##
- <IfModule mod_deflate.c>
- SetOutputFilter DEFLATE
- <IfModule mod_setenvif.c>
- <IfModule mod_headers.c>
- SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
- RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
- SetEnvIfNoCase Request_URI \
- \.(?:gif|jpe?g|png|rar|zip|exe|flv|mov|wma|mp3|avi|swf|mp?g|mp4|webm|webp|pdf)$ no-gzip dont-vary
- </IfModule>
- </IfModule>
- <IfModule mod_filter.c>
- AddOutputFilterByType DEFLATE application/atom+xml \
- application/javascript \
- application/json \
- application/rss+xml \
- application/vnd.ms-fontobject \
- application/x-font-ttf \
- application/xhtml+xml \
- application/xml \
- font/opentype \
- image/svg+xml \
- image/x-icon \
- text/css \
- text/html \
- text/plain \
- text/x-component \
- text/xml
- </IfModule>
- <IfModule mod_headers.c>
- Header append Vary: Accept-Encoding
- </IfModule>
- </IfModule>
- <IfModule mod_mime.c>
- AddType text/html .html_gzip
- AddEncoding gzip .html_gzip
- </IfModule>
- <IfModule mod_setenvif.c>
- SetEnvIfNoCase Request_URI \.html_gzip$ no-gzip
- </IfModule>
- ## END GZIP Compression ##
- ## BEGIN Leverage Browser Caching (Expires headers) for better cache control ##
- <IfModule mod_expires.c>
- ExpiresActive on
- ExpiresByType text/cache-manifest "access plus 0 seconds"
- # Media files
- ExpiresByType image/gif "access plus 4 months"
- ExpiresByType image/png "access plus 4 months"
- ExpiresByType image/jpeg "access plus 4 months"
- ExpiresByType image/webp "access plus 4 months"
- ExpiresByType video/ogg "access plus 1 month"
- ExpiresByType audio/ogg "access plus 1 month"
- ExpiresByType video/mp4 "access plus 1 month"
- ExpiresByType video/webm "access plus 1 month"
- ExpiresByType text/x-component "access plus 1 month"
- # Webfonts
- ExpiresByType font/ttf "access plus 4 months"
- ExpiresByType font/otf "access plus 4 months"
- ExpiresByType font/woff "access plus 4 months"
- ExpiresByType font/woff2 "access plus 4 months"
- ExpiresByType image/svg+xml "access plus 1 month"
- ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
- ExpiresByType text/css "access plus 1 year"
- ExpiresByType application/javascript "access plus 1 year"
- # HTML and Data
- ExpiresByType text/html "access plus 0 seconds"
- ExpiresByType text/xml "access plus 0 seconds"
- ExpiresByType application/xml "access plus 0 seconds"
- ExpiresByType application/json "access plus 0 seconds"
- # Feed
- ExpiresByType application/rss+xml "access plus 1 hour"
- ExpiresByType application/atom+xml "access plus 1 hour"
- # Favicon
- ExpiresByType image/x-icon "access plus 1 week"
- # Default
- ExpiresDefault "access plus 2 days"
- </IfModule>
- ## END Leverage Browser Caching (Expires headers) for better cache control ##
- ## BEGIN Disable ETag and set Cache-Control headers ##
- <IfModule mod_headers.c>
- Header unset ETag
- </IfModule>
- # Since we’re sending far-future expires, we don’t need ETags for static content.
- FileETag None
- <IfModule mod_alias.c>
- <FilesMatch "\.(css|htc|js|asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|json|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip)$">
- <IfModule mod_headers.c>
- Header unset Pragma
- Header append Cache-Control "public"
- </IfModule>
- </FilesMatch>
- <FilesMatch "\.(html|htm|rtf|rtx|txt|xsd|xsl|xml)$">
- <IfModule mod_headers.c>
- Header set X-Powered-By "WP Performance Score Booster/2.0"
- Header unset Pragma
- Header append Cache-Control "public"
- Header unset Last-Modified
- </IfModule>
- </FilesMatch>
- </IfModule>
- ## END Disable ETag and set Cache-Control headers ##
- # END WP Performance Score Booster Settings
[text] public_html
Viewer
*** This page was generated with the meta tag "noindex, nofollow". This happened because you selected this option before saving or the system detected it as spam. This means that this page will never get into the search engines and the search bot will not crawl it. There is nothing to worry about, you can still share it with anyone.
Editor
You can edit this paste and save as new: