# HTTPS enforcement. Any request whose X-Forwarded-Proto header does not contain
# "https" is answered with a 301 to the same path on https://<Host header>,
# unless the User-Agent contains "lscache_runner" (case-insensitive).
# The BEGIN/END markers suggest this block is plugin-generated, so manual edits
# between them may be overwritten; these notes are kept outside the markers.
# NOTE(review): the decision rests on a request header alone. That is sound only
#   if every request reaches Apache through a proxy or load balancer that sets
#   or overwrites X-Forwarded-Proto. If the origin can be reached directly, the
#   header is client-controlled, and direct HTTPS requests that lack it would be
#   redirected again - confirm the deployment topology.
# NOTE(review): the redirect target is built from %{HTTP_HOST}, which the client
#   supplies; confirm the virtual host only answers for the expected hostnames.
# BEGIN Really Simple Security Redirect
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} !lscache_runner [NC]
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>
# END Really Simple Security Redirect

# ==============================================================================
# .htaccess sécurisé pour WordPress - Perfline SA (Corrigé Login)
# ==============================================================================

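# Deny all HTTP access to WordPress's configuration file.
# "Order/Deny" is Apache 2.2 syntax; on 2.4 it only works while
# mod_access_compat is loaded and otherwise fails the whole .htaccess with a
# 500. Use the 2.4 directive when mod_authz_core is present and keep the old
# form as a fallback.
<Files wp-config.php>
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</Files>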
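# Deny HTTP access to this file itself, so the rule set cannot be downloaded.
# Apache 2.4 syntax when mod_authz_core is available, 2.2 syntax as fallback
# (the 2.2 form needs mod_access_compat on a 2.4 server).
<Files .htaccess>
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</Files>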
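# Disable the XML-RPC endpoint entirely by denying access to xmlrpc.php.
# NOTE(review): anything that still talks to the site over XML-RPC (some mobile
#   or remote-publishing clients and certain plugins) stops working - confirm
#   nothing in this installation depends on it.
# Apache 2.4 syntax when mod_authz_core is available, 2.2 syntax as fallback.
<Files xmlrpc.php>
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</Files>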
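# Deny access to the stock readme/license files, which can reveal the installed
# version. The match is on the file name only (any directory) and is
# case-sensitive as written.
# Apache 2.4 syntax when mod_authz_core is available, 2.2 syntax as fallback.
<FilesMatch "^(readme\.html|readme\.txt|license\.txt)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</FilesMatch>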
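# Deny access to files that commonly hold dumps, logs, settings or editor and
# backup leftovers (.sql .log .ini .sh .bak .swp .dist).
# NOTE(review): the list is a deny-list and case-sensitive; archive or backup
#   names outside it (for example .zip, .tar.gz, .old, "~" suffixes) are not
#   covered. Keeping such files out of the web root is the reliable control.
# Apache 2.4 syntax when mod_authz_core is available, 2.2 syntax as fallback.
<FilesMatch "\.(sql|log|ini|sh|bak|swp|dist)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</FilesMatch>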

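<IfModule mod_rewrite.c>
    RewriteEngine On
    # Refuse (403) requests for script files under the uploads tree, so that a
    # file placed there through an upload cannot be run by requesting its URL.
    # One case-insensitive rule replaces the three case-sensitive ones and also
    # covers the other extensions commonly mapped to PHP (.php5/.php7, .phar,
    # .pht); the original patterns are a strict subset of this one.
    # NOTE(review): whether a multi-extension name (e.g. ending in .php.jpg) is
    #   handed to PHP depends on the server's handler mapping, which is not
    #   visible in this file - confirm it is bound to the final extension only.
    # NOTE(review): a .htaccess inside wp-content/uploads that enables
    #   mod_rewrite itself does not inherit these rules by default.
    RewriteRule ^wp-content/uploads/.*\.(?:php[0-9]?|phtml|phps|phar|pht)$ - [NC,F,L]
</IfModule>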

<IfModule mod_rewrite.c>
    # Blocks direct HTTP access to internal WordPress include files.
    # The rules are order-dependent: the [S=3] rule skips exactly the three
    # rules that follow it, so inserting or removing a rule between them
    # silently changes which paths are protected.
    RewriteEngine On
    RewriteBase /
    # Anything under wp-admin/includes/ -> 403.
    RewriteRule ^wp-admin/includes/ - [F,L]
    # Path is NOT under wp-includes/: skip the next three rules.
    RewriteRule !^wp-includes/ - [S=3]
    # PHP files directly inside wp-includes/ (one level only) -> 403.
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    # PHP files under the TinyMCE language directory -> 403.
    # (Pattern has no trailing "$", so it matches ".php" anywhere after langs/.)
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    # Everything under wp-includes/theme-compat/ -> 403.
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

# Turn off automatic directory listings for directories without an index file.
# Requires the server configuration to allow Options overrides in .htaccess;
# where it does not, this line makes every request fail with a 500.
Options -Indexes

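<IfModule mod_headers.c>
    # Response security headers.
    # mod_headers keeps two header tables: the default ("onsuccess") one and
    # "always". Setting the same header in both, as was done for
    # X-Content-Type-Options, can send it twice, while setting it only in the
    # default table leaves server-generated responses (the 403s and 301s
    # produced by the rewrite rules in this file) without it. Each header is
    # therefore removed from the default table and set once in "always".

    # Stop browsers from MIME-sniffing a response away from its declared type.
    Header unset X-Content-Type-Options
    Header always set X-Content-Type-Options "nosniff"

    # Allow framing by same-origin pages only (clickjacking defence).
    Header unset X-Frame-Options
    Header always set X-Frame-Options "SAMEORIGIN"

    # Legacy XSS-filter switch, kept with its configured value.
    # NOTE(review): current browsers ignore this header; no
    #   Content-Security-Policy is set in this file - confirm one is delivered
    #   elsewhere if script-injection defence in depth is wanted.
    Header unset X-XSS-Protection
    Header always set X-XSS-Protection "1; mode=block"

    # Send the full referrer same-origin, only the origin cross-origin, and
    # nothing on an HTTPS -> HTTP downgrade.
    Header unset Referrer-Policy
    Header always set Referrer-Policy "strict-origin-when-cross-origin"

    # Deny geolocation, microphone and camera to the page and to framed content.
    Header unset Permissions-Policy
    Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"

    # Remove the header advertising the application runtime. It is unset in
    # both tables because which one holds it depends on how PHP is run.
    Header unset X-Powered-By
    Header always unset X-Powered-By

    # NOTE(review): Strict-Transport-Security is not set here even though the
    #   file forces HTTPS; confirm whether it is sent by another layer.
</IfModule>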
# Remove the server name/version footer from server-generated pages (error
# documents, listings). This does not change the "Server" response header;
# that is governed by ServerTokens, which cannot be set from .htaccess.
ServerSignature Off

<IfModule mod_rewrite.c>
    RewriteEngine On
    # --- Deny-list 1: query string ------------------------------------------
    # The request is refused (403) when the query string matches ANY condition
    # below; the conditions are chained with [OR] and the last one closes the
    # chain.
    # NOTE(review): %{QUERY_STRING} is matched as received, i.e. still
    #   percent-encoded. Patterns written with literal characters ("../",
    #   "<script") therefore only see unencoded input. Treat this list as noise
    #   reduction in front of the application, not as input validation.
    RewriteCond %{QUERY_STRING} (\.\./) [NC,OR]
    RewriteCond %{QUERY_STRING} (boot\.ini) [NC,OR]
    # NOTE(review): matches every parameter whose name ends in "tag", including
    #   WordPress's own ?tag= archive links and product_tag-style filters -
    #   confirm these URLs are not used on this site.
    RewriteCond %{QUERY_STRING} (tag=) [NC,OR]
    RewriteCond %{QUERY_STRING} (ftp:) [NC,OR]
    RewriteCond %{QUERY_STRING} (<script.*>) [NC,OR]
    # Parameter-name pattern from another CMS; presumably inherited from a
    # generic rule list.
    RewriteCond %{QUERY_STRING} (mosConfig_[a-zA-Z_]{1,21}=) [NC,OR]
    RewriteCond %{QUERY_STRING} (base64_encode.*\(.*\)) [NC,OR]
    RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC,OR]
    # NOTE(review): matches any percent-escape whose first hex digit is 0 or
    #   A-F. That includes every percent-encoded non-ASCII UTF-8 byte, so a
    #   search term with an accented character is refused. If only control
    #   characters were meant, "%0[0-9A-F]" is the narrower form - confirm.
    RewriteCond %{QUERY_STRING} (%0|%A|%B|%C|%D|%E|%F) [NC]
    RewriteRule .* - [F,L]

    # --- Deny-list 2: User-Agent --------------------------------------------
    # Refuses (403) requests whose User-Agent contains one of the listed
    # substrings, a percent-escape from the second list, or a special character
    # followed later by "teleport" or "currentscene".
    # NOTE(review): this is a substring match on a client-chosen header. It
    #   also refuses legitimate HTTP clients built on curl, wget, Python or
    #   Java (monitoring, payment or API integrations) - confirm none are
    #   needed - and it has no effect on a client that sends another value.
    RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(teleport|currentscene) [NC]
    RewriteRule .* - [F,L]
</IfModule>

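<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    # Refuse (403) public requests that carry an "author=<digits>" parameter,
    # which WordPress would otherwise resolve to that user's author archive.
    # Two refinements over the unanchored pattern:
    #  - requests under /wp-admin/ are exempt, because the dashboard's own
    #    "posts by this author" links use the same parameter and were being
    #    refused for logged-in users;
    #  - the parameter name is anchored at the start of the query string or
    #    after "&", so names that merely end in "author" no longer match.
    # NOTE(review): only the query-string form is handled here; other places
    #   where user names may be listed (REST API, sitemaps) are decided
    #   elsewhere - confirm they are covered if enumeration matters.
    RewriteCond %{REQUEST_URI} !^/wp-admin/ [NC]
    RewriteCond %{QUERY_STRING} (^|&)author=\d+ [NC]
    RewriteRule .* - [F,L]
</IfModule>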

# Cap request bodies at 25,000,000 bytes (about 25 MB); larger uploads or POSTs
# are rejected by Apache before they reach PHP.
# NOTE(review): PHP's own upload and POST size limits are configured elsewhere;
#   the effective limit is the smallest of them - confirm they agree.
LimitRequestBody 25000000

<IfModule mod_deflate.c>
    # Compress text-like responses. The directive is cumulative, so the type
    # list is split by family for readability; the set of types is unchanged.
    # Markup and plain text
    AddOutputFilterByType DEFLATE text/html text/xml text/plain application/xml application/rss+xml application/xhtml+xml
    # Stylesheets, scripts and JSON
    AddOutputFilterByType DEFLATE text/css text/javascript application/javascript application/x-javascript application/json
    # Vector images and fonts
    AddOutputFilterByType DEFLATE image/svg+xml font/ttf font/otf font/woff font/woff2
</IfModule>

<IfModule mod_expires.c>
    # Browser-cache lifetimes, counted from the time of the request ("access").
    ExpiresActive On

    # One month: stylesheets, scripts and PDF documents.
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType text/javascript "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
    ExpiresByType application/pdf "access plus 1 month"

    # One year: fonts.
    ExpiresByType font/woff2 "access plus 1 year"
    ExpiresByType font/woff "access plus 1 year"
    ExpiresByType font/otf "access plus 1 year"
    ExpiresByType font/ttf "access plus 1 year"

    # One year: images.
    ExpiresByType image/webp "access plus 1 year"
    ExpiresByType image/svg+xml "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
</IfModule>

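<IfModule mod_rewrite.c>
    RewriteEngine On
    # Refuse (403) POST requests to the WooCommerce Store API checkout, batch
    # and payment routes and to the WooCommerce REST orders route, for any API
    # version number. The four separate rules are merged into one.
    # [NC] is added because WordPress is understood to match REST route paths
    # without regard to case, so a case-sensitive pattern here would be
    # stricter than the application behind it.
    # NOTE(review): a checkout page that submits through the Store API stops
    #   working with this rule - confirm the shop uses a checkout flow that
    #   does not depend on these routes.
    # NOTE(review): only POST on the /wp-json/ path form is filtered. Other
    #   HTTP methods and the REST API's query-parameter entry point are not
    #   covered by a path rule; if these routes must be closed completely,
    #   enforce that inside WordPress/WooCommerce as well.
    RewriteCond %{REQUEST_METHOD} POST
    RewriteRule ^wp-json/wc/(?:store/v[0-9]+/(?:checkout|batch|payment)|v[0-9]+/orders)(?:/.*)?$ - [NC,F,L]
</IfModule>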

# WordPress front controller. The first rule copies the request's Authorization
# header into the HTTP_AUTHORIZATION environment variable; the remaining rules
# send every request that is not an existing file or directory to /index.php.
# The BEGIN/END markers suggest WordPress manages this block, so manual edits
# between them may be overwritten; these notes are kept outside the markers.
# Ordering matters: the deny rules earlier in this file must stay above this
# block, because a request rewritten to /index.php here is handled by
# WordPress.
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

# BEGIN Really Simple Security Disable directory indexing
# END Really Simple Security Disable directory indexing
