Home What does this .htaccess rule do?
Reply: 0

What does this .htaccess rule do?

user1098
1#
user1098 Published in May 21, 2018, 12:40 pm

I'm looking at ways to "harden" WordPress installations and recently came across some code to place in the site .htaccess file. However, it had no explanation as to what it does, and I'm trying to figure it out, but with little success.

The code / rule is:

RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ ///.*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\?\=?(http|ftp|ssl|https):/.*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\?\?.*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.(asp|ini|dll).*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.(htpasswd|htaccess|aahtpasswd).*\ HTTP/ [NC]
RewriteRule .? - [F,NS,L]

I can see this this comes into play when any of the pages in the 1st line are called, but beyond that I'm in the dark.

Any pointers / explanation would be really appreciated.

P.s. If there is a better place to post this, please let me know and I'll gladly move it.

You need to login account before you can post.

About| Privacy statement| Terms of Service| Advertising| Contact us| Help| Sitemap|
Processed in 0.354964 second(s) , Gzip On .

© 2016 Powered by mzan.com design MATCHINFO