Edit File: .htaccess_swift_backup
# BEGIN WebARX #BASIC ID=1 RedirectMatch 409 .(htaccess|htpasswd|errordocs|logs)$ ServerSignature Off <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC] RewriteRule ^readme*.*html$ index.php?webarx_fpage=101 [L,QSA] RewriteRule ^license*.*txt$ index.php?webarx_fpage=102 [L,QSA] RewriteRule ^wp-config*.*php$ index.php?webarx_fpage=103 [L,QSA] </IfModule> #BASIC #BLOCK WP FILE ACCESS ID=2 # Block the include-only files. <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC] RewriteRule ^wp-admin/includes/ index.php?webarx_fpage=201 [NC,L] RewriteRule ^wp-includes/[^/]+.php$ index.php?webarx_fpage=202 [NC,L] RewriteRule ^wp-content/uploads/(.*).php$ index.php?webarx_fpage=202 [NC,L] RewriteRule ^wp-includes/js/tinymce/langs/.+.php index.php?webarx_fpage=203 [NC,L] RewriteRule ^wp-includes/theme-compat/ index.php?webarx_fpage=204 [NC,L] </IfModule> #BLOCK WP FILE ACCESS #BLOCK DEBUG LOG ACCESS <IfModule mod_rewrite.c> RewriteEngine On RewriteRule ^debug*.*log$ index.php?webarx_fpage=502 [L,QSA] </IfModule> #BLOCK DEBUG LOG ACCESS #DISABLE INDEX VIEWS Options -Indexes #DISABLE INDEX VIEWS #FORBID PROXY COMMENT POSTING ID=7 <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC] RewriteCond %{REQUEST_METHOD} ^POST RewriteCond %{HTTP:VIA} !^$ [OR] RewriteCond %{HTTP:FORWARDED} !^$ [OR] RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR] RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR] RewriteCond %{HTTP:X_FORWARDED_HOST} !^$ [OR] RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR] RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR] RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR] RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$ RewriteRule wp-comments-post\.php index.php?webarx_fpage=7 [NC] </IfModule> #FORBID PROXY COMMENT POSTING #WPSCAN ID=19 <IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{REMOTE_ADDR} !=18.221.197.243 RewriteRule ^(.*)/plugins/(.*)readme\.(txt|html)$ index.php?webarx_fpage=19 [NC,L] </IfModule> #WPSCAN # END WebARX # BEGIN LSCACHE # END LSCACHE # BEGIN NON_LSCACHE # END NON_LSCACHE ###BEGIN Swift Performance### # ------------------------------------------------------------------------------ # | Compression | # ------------------------------------------------------------------------------ <IfModule mod_deflate.c> # Force compression for mangled headers. # http://developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping <IfModule mod_setenvif.c> <IfModule mod_headers.c> SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding </IfModule> </IfModule> # Compress all output labeled with one of the following MIME-types # (for Apache versions below 2.3.7, you don't need to enable `mod_filter` # and can remove the `<IfModule mod_filter.c>` and `</IfModule>` lines # as `AddOutputFilterByType` is still in the core directives). <IfModule mod_filter.c> AddOutputFilterByType DEFLATE "application/atom+xml" \ "application/javascript" \ "application/json" \ "application/ld+json" \ "application/manifest+json" \ "application/rdf+xml" \ "application/rss+xml" \ "application/schema+json" \ "application/vnd.geo+json" \ "application/vnd.ms-fontobject" \ "application/x-font-ttf" \ "application/x-javascript" \ "application/x-web-app-manifest+json" \ "application/xhtml+xml" \ "application/xml" \ "font/eot" \ "font/opentype" \ "image/bmp" \ "image/svg+xml" \ "image/vnd.microsoft.icon" \ "image/x-icon" \ "text/cache-manifest" \ "text/css" \ "text/html" \ "text/javascript" \ "text/plain" \ "text/vcard" \ "text/vnd.rim.location.xloc" \ "text/vtt" \ "text/x-component" \ "text/x-cross-domain-policy" \ "text/xml" </IfModule> </IfModule> <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{REQUEST_METHOD} !POST RewriteCond %{QUERY_STRING} ^$ RewriteCond %{HTTP_COOKIE} !^.*(wordpress_logged_in|).*$ RewriteCond %{REQUEST_URI} !^/wp-content/cache/swift-performance/([^/]*)/assetproxy RewriteCond /home/u855342564/domains/devotionalpoint.com/public_html/wp-content/cache/swift-performance/%{HTTP_HOST}%{REQUEST_URI}/desktop/unauthenticated/index.html -f RewriteRule (.*) wp-content/cache/swift-performance/%{HTTP_HOST}%{REQUEST_URI}/desktop/unauthenticated/index.html [L] </IfModule> # ---------------------------------------------------------------------- # CORS-enabled images (@crossorigin) # ---------------------------------------------------------------------- # Send CORS headers if browsers request them; enabled by default for images. # developer.mozilla.org/en/CORS_Enabled_Image # blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.html # hacks.mozilla.org/2011/11/using-cors-to-load-webgl-textures-from-cross-domain-images/ # wiki.mozilla.org/Security/Reviews/crossoriginAttribute <IfModule mod_setenvif.c> <IfModule mod_headers.c> # mod_headers, y u no match by Content-Type?! <FilesMatch "\.(gif|png|jpe?g|svg|svgz|ico|webp)$"> SetEnvIf Origin ":" IS_CORS Header set Access-Control-Allow-Origin "*" env=IS_CORS </FilesMatch> </IfModule> </IfModule> # ---------------------------------------------------------------------- # Webfont access # ---------------------------------------------------------------------- # Allow access from all domains for webfonts. # Alternatively you could only whitelist your # subdomains like "subdomain.example.com". <IfModule mod_headers.c> <FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js)$"> Header set Access-Control-Allow-Origin "*" </FilesMatch> </IfModule> ###END Swift Performance### # BEGIN Really Simple SSL Redirect 5.3.5 <IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{HTTPS} !=on [NC] RewriteCond %{REQUEST_URI} !wp-content\/cache\/(all|wpfc-mobile-cache) RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/ RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L] </IfModule> # END Really Simple SSL Redirect # BEGIN WordPress # The directives (lines) between "BEGIN WordPress" and "END WordPress" are # dynamically generated, and should only be modified via WordPress filters. # Any changes to the directives between these markers will be overwritten. <IfModule mod_rewrite.c> RewriteEngine On RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress # BEGIN LiteSpeed # The directives (lines) between "BEGIN LiteSpeed" and "END LiteSpeed" are # dynamically generated, and should only be modified via WordPress filters. # Any changes to the directives between these markers will be overwritten. <IfModule Litespeed> SetEnv noabort 1 </IfModule> # END LiteSpeed
Back