# BEGIN All In One WP Security # Fucking Test #AIOWPS_BASIC_HTACCESS_RULES_START Require all denied Order deny,allow Deny from all ServerSignature Off LimitRequestBody 10485760 Require all denied Order deny,allow Deny from all #AIOWPS_BASIC_HTACCESS_RULES_END #AIOWPS_PINGBACK_HTACCESS_RULES_START Require all denied Order deny,allow Deny from all #AIOWPS_PINGBACK_HTACCESS_RULES_END #AIOWPS_DEBUG_LOG_BLOCK_HTACCESS_RULES_START Require all denied Order deny,allow Deny from all #AIOWPS_DEBUG_LOG_BLOCK_HTACCESS_RULES_END #AIOWPS_DISABLE_INDEX_VIEWS_START Options -Indexes #AIOWPS_DISABLE_INDEX_VIEWS_END #AIOWPS_IP_BLACKLIST_START Order allow,deny Allow from all Deny from 40.30.20.10 Deny from 5.188.62.5 Require all granted Require not ip 40.30.20.10 Require not ip 5.188.62.5 #AIOWPS_IP_BLACKLIST_END #AIOWPS_DISABLE_TRACE_TRACK_START RewriteEngine On RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F] #AIOWPS_DISABLE_TRACE_TRACK_END #AIOWPS_FORBID_PROXY_COMMENTS_START RewriteEngine On RewriteCond %{REQUEST_METHOD} ^POST RewriteCond %{HTTP:VIA} !^$ [OR] RewriteCond %{HTTP:FORWARDED} !^$ [OR] RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR] RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR] RewriteCond %{HTTP:X_FORWARDED_HOST} !^$ [OR] RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR] RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR] RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR] RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$ RewriteRule wp-comments-post\.php - [F] #AIOWPS_FORBID_PROXY_COMMENTS_END #AIOWPS_DENY_BAD_QUERY_STRINGS_START RewriteEngine On RewriteCond %{QUERY_STRING} ftp: [NC,OR] RewriteCond %{QUERY_STRING} http: [NC,OR] RewriteCond %{QUERY_STRING} https: [NC,OR] RewriteCond %{QUERY_STRING} mosConfig [NC,OR] RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR] RewriteCond %{QUERY_STRING} (\;|'|\"|%22).*(request|insert|union|declare|drop) [NC] RewriteRule ^(.*)$ - [F,L] #AIOWPS_DENY_BAD_QUERY_STRINGS_END #AIOWPS_ADVANCED_CHAR_STRING_FILTER_START RedirectMatch 403 \, RedirectMatch 403 \: RedirectMatch 403 \; RedirectMatch 403 \= RedirectMatch 403 \[ RedirectMatch 403 \] RedirectMatch 403 \^ RedirectMatch 403 \` RedirectMatch 403 \{ RedirectMatch 403 \} RedirectMatch 403 \~ RedirectMatch 403 \" RedirectMatch 403 \$ RedirectMatch 403 \< RedirectMatch 403 \> RedirectMatch 403 \| RedirectMatch 403 \.\. RedirectMatch 403 \%0 RedirectMatch 403 \%A RedirectMatch 403 \%B RedirectMatch 403 \%C RedirectMatch 403 \%D RedirectMatch 403 \%E RedirectMatch 403 \%F RedirectMatch 403 \%22 RedirectMatch 403 \%27 RedirectMatch 403 \%28 RedirectMatch 403 \%29 RedirectMatch 403 \%3C RedirectMatch 403 \%3E RedirectMatch 403 \%3F RedirectMatch 403 \%5B RedirectMatch 403 \%5C RedirectMatch 403 \%5D RedirectMatch 403 \%7B RedirectMatch 403 \%7C RedirectMatch 403 \%7D # COMMON PATTERNS Redirectmatch 403 \_vpi RedirectMatch 403 \.inc Redirectmatch 403 xAou6 Redirectmatch 403 db\_name Redirectmatch 403 select$ Redirectmatch 403 convert\( Redirectmatch 403 \/query\/ RedirectMatch 403 ImpEvData Redirectmatch 403 \.XMLHTTP Redirectmatch 403 proxydeny RedirectMatch 403 function\. Redirectmatch 403 remoteFile Redirectmatch 403 servername Redirectmatch 403 \&rptmode\= Redirectmatch 403 sys\_cpanel RedirectMatch 403 db\_connect RedirectMatch 403 doeditconfig RedirectMatch 403 check\_proxy Redirectmatch 403 system\_user Redirectmatch 403 \/\(null$\/ Redirectmatch 403 clientrequest Redirectmatch 403 option\_value RedirectMatch 403 ref\.outcontrol # SPECIFIC EXPLOITS RedirectMatch 403 errors\. RedirectMatch 403 config\. RedirectMatch 403 include\. RedirectMatch 403 display\. RedirectMatch 403 register\. Redirectmatch 403 password\. RedirectMatch 403 maincore\. RedirectMatch 403 authorize\. Redirectmatch 403 macromates\. RedirectMatch 403 head\_auth\. RedirectMatch 403 submit\_links\. RedirectMatch 403 change\_action\. Redirectmatch 403 com\_facileforms\/ RedirectMatch 403 admin\_db\_utilities\. RedirectMatch 403 admin\.webring\.docs\. Redirectmatch 403 Table\/Latest\/index\. #AIOWPS_ADVANCED_CHAR_STRING_FILTER_END #AIOWPS_BLOCK_SPAMBOTS_START RewriteEngine On RewriteCond %{REQUEST_METHOD} POST RewriteCond %{REQUEST_URI} ^(.*)?wp-comments-post\.php(.*)$ RewriteCond %{HTTP_REFERER} !^http(s)?://(.*)?\.lifeofthesaltonsea\.org [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^$ RewriteRule .* http://127.0.0.1 [L] #AIOWPS_BLOCK_SPAMBOTS_END #AIOWPS_LOGIN_WHITELIST_START Order Allow,Deny Allow from lifeofthesaltonsea.org Allow from 96.77.203.195 Allow from 192.168.150.0/24 Allow from 192.168.2.0/24 Allow from 192.168.22.0/24 Allow from 76.212.87.49 Allow from 76.212.87.50 Allow from 76.212.87.51 Allow from 76.212.87.52 Allow from 76.212.87.53 Allow from 96.77.203.193 Allow from 96.77.203.194 Allow from 96.77.203.195 Allow from 96.77.203.196 Allow from 96.77.203.197 Require all denied Require local Require ip 127.0.0.1 Require host lifeofthesaltonsea.org Require ip 192.168.150.0/24 Require ip 192.168.2.0/24 Require ip 192.168.22.0/24 Require ip 76.212.87.49 Require ip 76.212.87.50 Require ip 76.212.87.51 Require ip 76.212.87.52 Require ip 76.212.87.53 Require ip 96.77.203.193 Require ip 96.77.203.194 Require ip 96.77.203.195 Require ip 96.77.203.196 Require ip 96.77.203.197 #AIOWPS_LOGIN_WHITELIST_END #AIOWPS_PREVENT_IMAGE_HOTLINKS_START RewriteEngine On RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{REQUEST_FILENAME} -f RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC] RewriteCond %{HTTP_REFERER} !^http(s)?://(.*)?\.lifeofthesaltonsea\.org [NC] RewriteRule \.(gif|jpe?g?|png)$ - [F,NC,L] #AIOWPS_PREVENT_IMAGE_HOTLINKS_END # END All In One WP Security # BEGIN Adaptive Images #======================= RewriteEngine On # Watched directories RewriteCond %{REQUEST_URI} /wp-content/uploads [OR] RewriteCond %{REQUEST_URI} /wp-content/themes # Redirect images through the adaptive images script RewriteRule \.(?:jpe?g|gif|png)$ /wp-content/plugins/adaptive-images/adaptive-images-script.php [L] # END Adaptive Images # Created by Redirection # Sat, 29 Feb 2020 18:02:10 +0000 # Redirection 4.6.2 - https://redirection.me RewriteRule ^SitemapIndex.xml /sitemap_index.xml [R=307,L] # End of Redirection # BEGIN WordPress RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] # END WordPress # Yoast Redirect # # This item added to "redirect" any requests to the Yoast Sitemap Index to a custom sitemap index # Why? Because it would be stupid, stupid, stupid to leave a sitemap and SEO completely up to Yoast. # # I thought it tricked me the first time, but it turns out what is necessary is a sitemap_index.xml place holder file # So make sure the sitemap_index.xml file is in place in the root directory. ####RewriteEngine On ####RewriteRule ^sitemap_index\.xml$ /SitemapIndex.xml [R=302,L] # # End Yoast Redirect # ### The above Rewrite rules have been moved to the Redirect (Tools Tab, Redirect) Plugin for WordPress. ### The below WordPress items will work in this file, but instead of including them here, they're configured with the Redirection Plugin (Tools Tab, Redirection) # RedirectMatch ^/early\-history/events/(.*)$ /early-history/#$1 # RedirectMatch ^/recent\-history/events/(.*)$ /recent-history/#$1 # ### These items however only exist in the real file system, so the Redirections Plugin will not work, and they have to be placed here. # ###RedirectMatch ^/DirectImageURL/AncientHistory/(.*)$ /ancient-history/#$1 ###RedirectMatch ^/DirectImageURL/EarlyHistory/(.*)$ /early-history/#$1 ###RedirectMatch ^/DirectImageURL/FloodTimeline/(.*)$ /flood-timeline/#$1 ###RedirectMatch ^/DirectImageURL/RecentHistory/(.*)$ /recent-history/#$1 ###RedirectMatch ^/DirectImageURL/FullTimeline/(.*)$ /full-timeline/#$1 # ### Testing showed when a JPG link was downloaded via WGET, the information returned was the HTML code from the page it was redirect to. ### So after consideration, it seems better if a link that Google or other Search engines obtain, should go to the actual file (because I want it spread).