mayronceccon · February 4, 2025 14:51 · claudio-93 · Jul 7, 2022
diff --git a/arquivo_htaccess_completo b/arquivo_htaccess_completo
 #######Previnir listagem de diretórios#######
 Options All -Indexes
 #######Previnir listagem de diretórios#######

 #######Desabilitar arquivos licence, wp-config.sample, readme, install#######
 <FilesMatch "(license.txt|wp-config-sample.php|readme.html|install.php)$">
    order allow,deny
    deny from all
 </FilesMatch>
 #######Desabilitar arquivos licence, wp-config.sample, readme, install#######

 #######Evitar alteração wp-config.php#######
 <files wp-config.php>
    order allow,deny
    deny from all
 </files>
 #######Evitar alteração wp-config.php#######

 #######Evitar alteração do arquivo .htaccess#######
 <files .htaccess>
    order allow,deny
    deny from all
 </files>
 #######Evitar alteração do arquivo .htaccess#######

 #######Evitar injeção de codigos#######
 <IfModule mod_rewrite.c>
    Options +FollowSymLinks
    RewriteEngine On
    RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
    # Bloqueia todos os scripts que tentam modificar uma variável PHP GLOBAL:
    RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
    # Bloqueia todos os scripts que tentam modificar uma variável _REQUEST:
    RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})

    RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
    RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
    RewriteCond %{QUERY_STRING} tag\= [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\:  [NC,OR]
    RewriteCond %{QUERY_STRING} http\:  [NC,OR]
    RewriteCond %{QUERY_STRING} https\:  [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(&#x22;|&#x27;|&#x3C;|&#x3E;|&#x5C;|&#x7B;|&#x7C;).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare).* [NC]
    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$

    # Se as requisições forem maliciosas enviamos tudo para a página inicial com um erro 403 Forbidden:
    RewriteRule ^(.*)$ index.php [F,L]
 </IfModule>
 #######Evitar injeção de codigos#######

 #######Ativar compactação htaccess GZIP#######
 <ifModule mod_gzip.c>
    mod_gzip_on Yes
    mod_gzip_dechunk Yes
    mod_gzip_item_include file .(html?|txt|css|js|php|pl)$
    mod_gzip_item_include handler ^cgi-script$
    mod_gzip_item_include mime ^text/.*
    mod_gzip_item_include mime ^application/x-javascript.*
    mod_gzip_item_exclude mime ^image/.*
    mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
 </ifModule>
 #######Ativar compactação htaccess GZIP#######

 #######ATIVAR CACHE#######
 <IfModule mod_deflate.c>
    SetOutputFilter DEFLATE
    #Don't compress
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
    SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
    #Dealing with proxy servers
    <IfModule mod_headers.c>
        Header append Vary User-Agent
    </IfModule>
 </IfModule>

 <ifModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/xml text/css text/plain
    AddOutputFilterByType DEFLATE image/svg+xml application/xhtml+xml application/xml
    AddOutputFilterByType DEFLATE application/rdf+xml application/rss+xml application/atom+xml
    AddOutputFilterByType DEFLATE text/javascript application/javascript application/x-javascript application/json
    AddOutputFilterByType DEFLATE application/x-font-ttf application/x-font-otf
    AddOutputFilterByType DEFLATE font/truetype font/opentype
 </ifModule>

 <IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpg "access plus 1 month"
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType image/gif "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType application/pdf "access plus 1 month"
    ExpiresByType text/x-javascript "access plus 1 month"
    ExpiresByType application/x-shockwave-flash "access plus 1 month"
    ExpiresByType image/x-icon "access plus 1 month"
    ExpiresDefault "access plus 2 days"
 </IfModule>
 ## EXPIRES CACHING ##

 <ifModule mod_headers.c>
    <filesMatch "\.(ico|jpe?g|png|gif|swf)$">
        Header set Cache-Control "public"
    </filesMatch>
    <filesMatch "\.(css)$">
        Header set Cache-Control "public"
    </filesMatch>
    <filesMatch "\.(js)$">
        Header set Cache-Control "private"
    </filesMatch>
    <filesMatch "\.(x?html?|php)$">
        Header set Cache-Control "private, must-revalidate"
    </filesMatch>
 </ifModule>
 #######ATIVAR CACHE#######

 #######Segurança headers#######
 <IfModule mod_headers.c>
    Header set X-Content-Type-Options nosniff
    Header set X-XSS-Protection "1; mode=block"
    Header always append X-Frame-Options SAMEORIGIN
 </IfModule>
 #######Segurança headers#######

 #######Configurações adicionais de segurança#######
 <IfModule mod_headers.c>
    Header set X-Content-Type-Options nosniff
    Header always append X-Frame-Options SAMEORIGIN
    Header set X-XSS-Protection "1; mode=block"
 </IfModule>

 <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^TRACE
    RewriteRule .* - [F]
 </IfModule>
 #######Configurações adicionais de segurança#######

 #######Proteger arquivo wp-login com senha#######
 <IfModule mod_auth.c>
    <Files "wp-login.php">
        AuthName "Username and password required"
        AuthUserFile .htpasswd
        Require valid-user
        AuthType Basic
    </Files>
 </IfModule>
 #######Proteger arquivo wp-login com senha#######

 #######Desbloquear somente arquivos necessários#######
 <FilesMatch "(admin-ajax\.php|media-upload\.php|async-upload\.php|wp-cron\.php|sitemap.xml|sitemap_index.xml|page-sitemap.xml|post-sitemap.xml|sitemap)$">
    Order allow,deny
    Allow from all
    Satisfy any
 </FilesMatch>
 #######Desbloquear somente arquivos necessários#######

 #######Desabilitar acesso arquivo xmlrpc#######
 <Files "xmlrpc.php">
    Order Allow,Deny
    deny from all
 </Files>
 #######Desabilitar acesso arquivo xmlrpc#######

 #######Wordpress não exibir autor#######
 <IfModule mod_rewrite.c>
    RewriteCond %{REQUEST_URI} ^/$
    RewriteCond %{QUERY_STRING} ^/?author=([0-9]*)
    RewriteRule ^(.*)$ http://www.site.com.br/? [L,R=301]
 </ifModule>
 #######Wordpress não exibir autor#######

 #######Negar acesso a solicitações não referenciadas#######
 <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} .(wp-comments-post|wp-login)\.php*
    RewriteCond %{HTTP_REFERER} !.*site.com.br.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule (.*) http://%{REMOTE_ADDR}/$ [R=301,L]
 </ifModule>
 #######Negar acesso a solicitações não referenciadas#######

 #######Limitar requisição de login somente pelo site#######
 <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{HTTP_REFERER} !^http://(.*)?site\.com.br [NC]
    RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
    RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
    RewriteRule ^(.*)$ - [F]
 </IfModule>
 #######Limitar requisição de login somente pelo site#######

 #######Bloquei de arquivos wp-includes#######
 <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^wp-admin/includes/ - [F,L]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
 </IfModule>
 #######Bloquei de arquivos wp-includes#######

 #######Evitar hotlink de outros sites#######
 <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?site.com.br [NC]
    RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
 </IfModule>
 #######Evitar hotlink de outros sites#######

 #######Bloquear ips#######
 order allow,deny
 allow from all
 deny from XX.XXX.XXX.X/XX
 #######Bloquear ips#######
	#######Previnir listagem de diretórios#######
	Options All -Indexes
	#######Previnir listagem de diretórios#######

	#######Desabilitar arquivos licence, wp-config.sample, readme, install#######
	<FilesMatch "(license.txt\|wp-config-sample.php\|readme.html\|install.php)$">
	order allow,deny
	deny from all
	</FilesMatch>
	#######Desabilitar arquivos licence, wp-config.sample, readme, install#######

	#######Evitar alteração wp-config.php#######
	<files wp-config.php>
	order allow,deny
	deny from all
	</files>
	#######Evitar alteração wp-config.php#######

	#######Evitar alteração do arquivo .htaccess#######
	<files .htaccess>
	order allow,deny
	deny from all
	</files>
	#######Evitar alteração do arquivo .htaccess#######

	#######Evitar injeção de codigos#######
	<IfModule mod_rewrite.c>
	Options +FollowSymLinks
	RewriteEngine On
	RewriteCond %{QUERY_STRING} (<\|%3C).script.(>\|%3E) [NC,OR]
	# Bloqueia todos os scripts que tentam modificar uma variável PHP GLOBAL:
	RewriteCond %{QUERY_STRING} GLOBALS(=\|[\|%[0-9A-Z]{0,2}) [OR]
	# Bloqueia todos os scripts que tentam modificar uma variável _REQUEST:
	RewriteCond %{QUERY_STRING} _REQUEST(=\|[\|%[0-9A-Z]{0,2})

	RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
	RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
	RewriteCond %{QUERY_STRING} tag\= [NC,OR]
	RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
	RewriteCond %{QUERY_STRING} http\: [NC,OR]
	RewriteCond %{QUERY_STRING} https\: [NC,OR]
	RewriteCond %{QUERY_STRING} (\<\|%3C).script.(\>\|%3E) [NC,OR]
	RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=\|%3D) [NC,OR]
	RewriteCond %{QUERY_STRING} base64_encode.\(.\) [NC,OR]
	RewriteCond %{QUERY_STRING} ^.(\[\|\]\|\(\|\)\|<\|>\|ê\|"\|;\|\?\|\\|=$).* [NC,OR]
	RewriteCond %{QUERY_STRING} ^.("\|'\|<\|>\|\\|{\|\|). [NC,OR]
	RewriteCond %{QUERY_STRING} ^.(%24&x). [NC,OR]
	RewriteCond %{QUERY_STRING} ^.(%0\|%A\|%B\|%C\|%D\|%E\|%F\|127\.0). [NC,OR]
	RewriteCond %{QUERY_STRING} ^.(globals\|encode\|localhost\|loopback). [NC,OR]
	RewriteCond %{QUERY_STRING} ^.(request\|select\|insert\|union\|declare). [NC]
	RewriteCond %{HTTP_COOKIE} !^.wordpress_logged_in_.$

	# Se as requisições forem maliciosas enviamos tudo para a página inicial com um erro 403 Forbidden:
	RewriteRule ^(.*)$ index.php [F,L]
	</IfModule>
	#######Evitar injeção de codigos#######

	#######Ativar compactação htaccess GZIP#######
	<ifModule mod_gzip.c>
	mod_gzip_on Yes
	mod_gzip_dechunk Yes
	mod_gzip_item_include file .(html?\|txt\|css\|js\|php\|pl)$
	mod_gzip_item_include handler ^cgi-script$
	mod_gzip_item_include mime ^text/.*
	mod_gzip_item_include mime ^application/x-javascript.*
	mod_gzip_item_exclude mime ^image/.*
	mod_gzip_item_exclude rspheader ^Content-Encoding:.gzip.
	</ifModule>
	#######Ativar compactação htaccess GZIP#######

	#######ATIVAR CACHE#######
	<IfModule mod_deflate.c>
	SetOutputFilter DEFLATE
	#Don't compress
	SetEnvIfNoCase Request_URI \.(?:gif\|jpe?g\|png)$ no-gzip dont-vary
	SetEnvIfNoCase Request_URI \.(?:exe\|t?gz\|zip\|bz2\|sit\|rar)$ no-gzip dont-vary
	#Dealing with proxy servers
	<IfModule mod_headers.c>
	Header append Vary User-Agent
	</IfModule>
	</IfModule>

	<ifModule mod_deflate.c>
	AddOutputFilterByType DEFLATE text/html text/xml text/css text/plain
	AddOutputFilterByType DEFLATE image/svg+xml application/xhtml+xml application/xml
	AddOutputFilterByType DEFLATE application/rdf+xml application/rss+xml application/atom+xml
	AddOutputFilterByType DEFLATE text/javascript application/javascript application/x-javascript application/json
	AddOutputFilterByType DEFLATE application/x-font-ttf application/x-font-otf
	AddOutputFilterByType DEFLATE font/truetype font/opentype
	</ifModule>

	<IfModule mod_expires.c>
	ExpiresActive On
	ExpiresByType image/jpg "access plus 1 month"
	ExpiresByType image/jpeg "access plus 1 month"
	ExpiresByType image/gif "access plus 1 month"
	ExpiresByType image/png "access plus 1 month"
	ExpiresByType text/css "access plus 1 month"
	ExpiresByType application/pdf "access plus 1 month"
	ExpiresByType text/x-javascript "access plus 1 month"
	ExpiresByType application/x-shockwave-flash "access plus 1 month"
	ExpiresByType image/x-icon "access plus 1 month"
	ExpiresDefault "access plus 2 days"
	</IfModule>
	## EXPIRES CACHING ##

	<ifModule mod_headers.c>
	<filesMatch "\.(ico\|jpe?g\|png\|gif\|swf)$">
	Header set Cache-Control "public"
	</filesMatch>
	<filesMatch "\.(css)$">
	Header set Cache-Control "public"
	</filesMatch>
	<filesMatch "\.(js)$">
	Header set Cache-Control "private"
	</filesMatch>
	<filesMatch "\.(x?html?\|php)$">
	Header set Cache-Control "private, must-revalidate"
	</filesMatch>
	</ifModule>
	#######ATIVAR CACHE#######

	#######Segurança headers#######
	<IfModule mod_headers.c>
	Header set X-Content-Type-Options nosniff
	Header set X-XSS-Protection "1; mode=block"
	Header always append X-Frame-Options SAMEORIGIN
	</IfModule>
	#######Segurança headers#######

	#######Configurações adicionais de segurança#######
	<IfModule mod_headers.c>
	Header set X-Content-Type-Options nosniff
	Header always append X-Frame-Options SAMEORIGIN
	Header set X-XSS-Protection "1; mode=block"
	</IfModule>

	<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteCond %{REQUEST_METHOD} ^TRACE
	RewriteRule .* - [F]
	</IfModule>
	#######Configurações adicionais de segurança#######

	#######Proteger arquivo wp-login com senha#######
	<IfModule mod_auth.c>
	<Files "wp-login.php">
	AuthName "Username and password required"
	AuthUserFile .htpasswd
	Require valid-user
	AuthType Basic
	</Files>
	</IfModule>
	#######Proteger arquivo wp-login com senha#######

	#######Desbloquear somente arquivos necessários#######
	<FilesMatch "(admin-ajax\.php\|media-upload\.php\|async-upload\.php\|wp-cron\.php\|sitemap.xml\|sitemap_index.xml\|page-sitemap.xml\|post-sitemap.xml\|sitemap)$">
	Order allow,deny
	Allow from all
	Satisfy any
	</FilesMatch>
	#######Desbloquear somente arquivos necessários#######

	#######Desabilitar acesso arquivo xmlrpc#######
	<Files "xmlrpc.php">
	Order Allow,Deny
	deny from all
	</Files>
	#######Desabilitar acesso arquivo xmlrpc#######

	#######Wordpress não exibir autor#######
	<IfModule mod_rewrite.c>
	RewriteCond %{REQUEST_URI} ^/$
	RewriteCond %{QUERY_STRING} ^/?author=([0-9]*)
	RewriteRule ^(.*)$ http://www.site.com.br/? [L,R=301]
	</ifModule>
	#######Wordpress não exibir autor#######

	#######Negar acesso a solicitações não referenciadas#######
	<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteCond %{REQUEST_METHOD} POST
	RewriteCond %{REQUEST_URI} .(wp-comments-post\|wp-login)\.php*
	RewriteCond %{HTTP_REFERER} !.site.com.br. [OR]
	RewriteCond %{HTTP_USER_AGENT} ^$
	RewriteRule (.*) http://%{REMOTE_ADDR}/$ [R=301,L]
	</ifModule>
	#######Negar acesso a solicitações não referenciadas#######

	#######Limitar requisição de login somente pelo site#######
	<IfModule mod_rewrite.c>
	RewriteEngine on
	RewriteCond %{REQUEST_METHOD} POST
	RewriteCond %{HTTP_REFERER} !^http://(.*)?site\.com.br [NC]
	RewriteCond %{REQUEST_URI} ^(.)?wp-login\.php(.)$ [OR]
	RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
	RewriteRule ^(.*)$ - [F]
	</IfModule>
	#######Limitar requisição de login somente pelo site#######

	#######Bloquei de arquivos wp-includes#######
	<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteBase /
	RewriteRule ^wp-admin/includes/ - [F,L]
	RewriteRule !^wp-includes/ - [S=3]
	RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
	RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
	RewriteRule ^wp-includes/theme-compat/ - [F,L]
	</IfModule>
	#######Bloquei de arquivos wp-includes#######

	#######Evitar hotlink de outros sites#######
	<IfModule mod_rewrite.c>
	RewriteEngine on
	RewriteCond %{HTTP_REFERER} !^$
	RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?site.com.br [NC]
	RewriteRule \.(jpg\|jpeg\|png\|gif)$ - [NC,F,L]
	</IfModule>
	#######Evitar hotlink de outros sites#######

	#######Bloquear ips#######
	order allow,deny
	allow from all
	deny from XX.XXX.XXX.X/XX
	#######Bloquear ips#######
No results found