Best WordPress security & maintenance

To add an extra security layer to WordPress, add these lines to the .htaccess file:

# Turn off automatic directory listings (-Indexes) so a folder without an
# index file does not expose its contents. +FollowSymLinks stays enabled
# because per-directory mod_rewrite rules need it (or SymLinksIfOwnerMatch).
Options -Indexes +FollowSymLinks

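# Reject (403) requests whose query string contains a <script> tag, tries to
# set PHP superglobals, or carries common SQL-injection keywords.
#
# All conditions form ONE "any of these" chain feeding the RewriteRule below:
# every condition except the last must carry [OR], and the flags must be
# separated from the pattern by a space. Without that, mod_rewrite ANDs the
# conditions (or reads the flags as part of the regex) and the rule almost
# never fires.
#
# Limits: these patterns only look at the query string, not at POST bodies,
# cookies or headers, and simple keyword matching can both miss attacks and
# block legitimate URLs. Treat this as an extra filter on top of keeping
# WordPress core, themes and plugins patched, not as a replacement for it.
RewriteEngine On

# <script ...> in the query string, literal or URL-encoded (XSS attempts).
# This does not detect base64-encoded payloads.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]

# Attempts to overwrite the GLOBALS or _REQUEST arrays through the URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]

# SQL-injection keywords (variable name written in the upper-case form the
# Apache documentation uses)
RewriteCond %{QUERY_STRING} concat.*\( [NC,OR]
RewriteCond %{QUERY_STRING} union.*select.*\( [NC,OR]
RewriteCond %{QUERY_STRING} union.*all.*select [NC]

# [F] answers 403 Forbidden and implies [L]; the substitution is ignored,
# so "-" (no substitution) is used.
RewriteRule ^ - [F]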

# Refuse requests whose User-Agent header contains "libwww-perl" or "Wget".
# The header is chosen by the client, so this only filters out tools that
# announce themselves honestly; it is noise reduction, not access control.
# "Deny" is Apache 2.2 syntax: on Apache 2.4 it works only while
# mod_access_compat is loaded, otherwise the server answers 500.
SetEnvIf User-Agent "(libwww-perl|Wget)" stayout=1
Deny from env=stayout

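# Deny direct web access to wp-config.php (database credentials and secret
# keys) and to .htaccess itself. Only these two files are covered here; other
# files such as readme.html or translation (.po) files need their own <Files>
# block if they should be hidden as well.
# "Require all denied" is the Apache 2.4 form. The Order/Deny pair is kept for
# Apache 2.2, where mod_authz_core does not exist; used on 2.4 without
# mod_access_compat, those directives would make every request fail with 500.
<Files wp-config.php>
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</Files>
<Files .htaccess>
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</Files>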

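# Stop user enumeration through ?author=N, which WordPress would otherwise
# redirect to the author archive and so reveal the account's login slug.
# - (^|&) anchors the parameter name, so parameters that merely end in
#   "author" (for example "coauthor=1") are not caught.
# - /wp-admin/ is excluded because the dashboard itself uses ?author=N to
#   filter post lists.
# - The trailing "?" in the target drops the query string on redirect.
# Needs "RewriteEngine On" somewhere in this .htaccess (WordPress's own
# permalink block normally provides it).
# NOTE: login names can still be visible elsewhere (author archives, feeds,
# the REST API users endpoint), so also use strong passwords, two-factor
# authentication and login rate limiting.
RewriteCond %{REQUEST_URI} !/wp-admin/
RewriteCond %{QUERY_STRING} (^|&)author=\d
RewriteRule ^ /? [L,R=301]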

 

After that, add these lines to the robots.txt file:

# robots.txt is a public, advisory file: well-behaved crawlers honour it, but
# it does not restrict access, and anyone can read the paths listed here.
# Use it to steer indexing only; protect the paths themselves on the server.
User-agent: *
Disallow: /cgi-bin
Disallow: /wp-login.php
Disallow: /wp-admin/
Disallow: /wp-includes/
# NOTE(review): /wp-content/ also covers uploads and theme/plugin assets that
# crawlers may need to render pages; confirm this is intended. The two more
# specific /wp-content/ entries below are already covered by this prefix.
Disallow: /wp-content/
Disallow: /wp-content/plugins/
Disallow: /wp-content/themes/
# Keeps compliant crawlers from indexing ?author= URLs; it does not stop
# anyone from requesting them.
Disallow: /?author=*

 
