Is this HTACCESS code correct, and if not, how do I correct it?

Started by notatechwizz, August 05, 2020, 09:08:29 PM


notatechwizz

WORDPRESS: 5.4.2 / PHP: 7.4.8 / SERVER: APACHE / MYSQL: 5.7.28 / HOSTING: 1&1 IONOS (shared hosting) / SSL PROTOCOL: ENABLED

Hi everyone!
I'm a travelling photographer building a website (containing pictures, YouTube videos, a donation platform and WooCommerce) to establish social aid for some of the causes which have moved me on my travels, and I need all the help I can get.
I am the only administrator and a beginner in web development, so I would like to make a heartfelt plea to all the IT tech gurus out there: can you please, please check my .htaccess file? I have been struggling with this for a while and any advice to help me out of this tangle would be so absolutely appreciated.
My domain looks like https://xxxxxx-xxxxx.fr; I have a redirection for people who come in on https://www.xxxxxx-xxxxx.fr (I want to keep this configuration, www.xxxxxxx-xxxxx.fr, as the endpoint).
Another question: my website actually works with this .htaccess, but I am not sure and I feel I have a redirection problem. Can you check this code please, and if you have suggestions for optimization, security... it would be greatly appreciated!!!
I have replaced my website URL with https://www.xxxxxx-xxxxxxx.fr/ for privacy. If you need my website URL I can send it to you in a private message.
MY .HTACCESS CODE:
# BEGIN WordPress
# The directives (lines) between 'BEGIN WordPress' and 'END WordPress' are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
## EXPIRES HEADER CACHING ##
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType image/svg+xml "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType application/javascript "access 1 month"
ExpiresByType application/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 2 days"
## EXPIRES HEADER CACHING ##

# Make PHP code look like unknown types
# (obscurity only: PHP still runs for these names, and on hosts that run PHP through FastCGI/FPM this AddType may not apply)
AddType application/x-httpd-php .bop .foo .133t
<IfModule mod_rewrite.c>
RewriteEngine on
# HSTS preload
RewriteCond %{HTTP_HOST} !^www\.[^.]+\.[^.]+$
# Then redirect http to https (if necessary)
RewriteCond %{HTTPS} on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,L,R=301]
</IfModule>

# BEGIN wccp_pro_image_protection
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} (PrintFriendly.com)
RewriteRule ^.*$ https://www.xxxxxx-xxxxxxx.fr/wp-content/plugins/wccp-pro/watermark.php [R=301,L]
RewriteCond %{HTTP_COOKIE} (wccpprocookie=excludethispage)
RewriteRule ^(.*)\.(jpg|png|jpeg|gif)$ - [NC,L]
RewriteCond %{QUERY_STRING} (wccp_pro_watermark_pass) [NC,OR]
RewriteCond %{REQUEST_URI} (wp-content/plugins) [NC,OR]
RewriteCond %{REQUEST_URI} (wp-content/themes) [NC,OR]
RewriteCond %{REQUEST_URI} (logo|background|150x150) [NC,OR]
RewriteCond %{REQUEST_URI} (this_is_just_not_any_wanted_image_size) [NC]
RewriteRule ^(.*)\.(jpg|png|jpeg|gif)$ - [NC,L]
# What happen to images on my site
#RewriteCond %{HTTP_ACCEPT} (image|png) [NC]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?xxxxxx-xxxxxx.fr [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)xxxxxx-xxxxxx.fr [NC]
RewriteRule ^.*$ - [NC,L]
#Save as or Click on View image after right click or without any referer
RewriteCond %{REQUEST_URI} (stackpathcdn.com) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (stackpathcdn.com) [NC,OR]
RewriteCond %{HTTP_ACCEPT} (text|html|application|image|png) [NC]
RewriteRule ^(.*)\.(jpg|png|jpeg)$ https://www.xxxxx-xxxxxx.fr/wp-content/plugins/wccp-pro/watermark.php?&src=/$1.$2&w=1 [R=301,NC,L]
RewriteCond %{REQUEST_URI} \.(jpg|jpeg|png)$ [NC]
RewriteCond %{REMOTE_ADDR} !^(127.0.0.1|162.144.5.62)$ [NC]
RewriteCond %{REMOTE_ADDR} !^66.6.(32|33|36|44|45|46|40). [NC]
RewriteCond %{HTTP_USER_AGENT} !(this_is_just_not_any_wanted_service_name) [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?(this_is_just_not_any_wanted_service_name) [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?(www.xxxx-xxxxx.fr|xxxx-xxxxx.fr|pinterest.com|tumblr.com|facebook.com|plus.google|twitter.com|googleapis.com|googleusercontent.com|ytimg.com|gstatic.com) [NC]
RewriteCond %{HTTP_USER_AGENT} !(linkedin.com|googlebot|msnbot|baiduspider|slurp|webcrawler|teoma|photon|facebookexternalhit|facebookplatform|pinterest|feedfetcher|ggpht) [NC]
RewriteCond %{HTTP_USER_AGENT} !(photon|smush.it|akamai|cloudfront|netdna|bitgravity|maxcdn|edgecast|limelight|tineye) [NC]
RewriteCond %{HTTP_USER_AGENT} !(developers|gstatic|googleapis|googleusercontent|google|ytimg) [NC]
RewriteRule ^(.*)\.(jpg|png|jpeg)$ https://www.xxxxx-xxxxxx.fr/wp-content/plugins/wccp-pro/watermark.php?&src=/$1.$2&w=1 [R=301,NC,L]
</IfModule>
# END wccp_pro_image_protection

# BEGIN HttpHeaders
# The directives (lines) between 'BEGIN HttpHeaders' and 'END HttpHeaders' are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
# END HttpHeaders

# BEGIN WP-Optimize Gzip compression
<IfModule mod_filter.c>
<IfModule mod_deflate.c>
# Compress HTML, CSS, JavaScript, Text, XML and fonts
AddType application/vnd.ms-fontobject .eot
AddType font/ttf .ttf
AddType font/otf .otf
AddType font/x-woff .woff
AddType image/svg+xml .svg
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-font-woff
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE font/woff
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
# Remove browser bugs (only needed for really old browsers)
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
Header append Vary User-Agent
</IfModule>
</IfModule>

# END WP-Optimize Gzip compression
# BEGIN WP-Optimize Browser Cache
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType text/css "access 28 days"
ExpiresByType text/html "access 28 days"
ExpiresByType image/gif "access 28 days"
ExpiresByType image/png "access 28 days"
ExpiresByType image/jpg "access 28 days"
ExpiresByType image/jpeg "access 28 days"
ExpiresByType image/webp "access 28 days"
ExpiresByType image/x-icon "access 28 days"
ExpiresByType application/pdf "access 28 days"
ExpiresByType application/javascript "access 28 days"
ExpiresByType text/x-javascript "access 28 days"
ExpiresByType application/x-shockwave-flash "access 28 days"
ExpiresDefault "access 28 days"
</IfModule>

<IfModule mod_headers.c>
<filesMatch "\.(ico|jpe?g|png|gif|webp|swf)$">
Header set Cache-Control "public"
</filesMatch>

<filesMatch "\.(css)$">
Header set Cache-Control "public"
</filesMatch>

<filesMatch "\.(js)$">
Header set Cache-Control "private"
</filesMatch>

<filesMatch "\.(x?html?|php)$">
Header set Cache-Control "private, must-revalidate"
</filesMatch>
</IfModule>

#Disable ETag
FileETag None
# END WP-Optimize Browser Cache
# BEGIN HttpHeadersCookieSecurity
# The directives (lines) between 'BEGIN HttpHeadersCookieSecurity' and 'END HttpHeadersCookieSecurity' are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
# END HttpHeadersCookieSecurity
# Wordfence WAF

<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>

<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>

# END Wordfence WAF

Thank you again so much for going through it. Again, I'm in over my head, and any advice at all on this would be appreciated.
Wishing you a wonderful day!

mario

You can block some stuff

RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|PUT|DELETE|FLURP|HEAD)
RewriteRule .* - [R=405,L]

# consecutive RewriteCond lines are ANDed unless [OR] is set
RewriteCond %{HTTP_USER_AGENT} ^.*python-requests.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*opensiteexplorer.*$ [NC]
RewriteRule . - [R=403,L]

RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^(.*\.php)$ $1 [L]
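Two of the snippets in this thread are easier to judge with the mod_rewrite condition semantics spelled out: the www/https redirect block in the question (its second condition requires HTTPS to already be on, and its target keeps the same host, so a secure non-www request redirects to itself while a plain-http request is never upgraded), and the user-agent block in the reply (two RewriteCond lines without [OR] are ANDed, so a single user agent can never satisfy both). The following is an added example, not code from the thread or from any plugin it mentions: a small evaluator for the subset of RewriteCond/RewriteRule syntax these snippets use, run offline against constructed requests. The domain example.fr stands in for the poster's masked domain, and FIXED_REDIRECT is this example's own suggested correction, not something the thread proposes.

```python
import re

def request(scheme, host, uri, ua="Mozilla/5.0"):
    """The server variables these rules read, for one constructed request."""
    return {"HTTPS": "on" if scheme == "https" else "off", "HTTP_HOST": host,
            "REQUEST_URI": uri, "HTTP_USER_AGENT": ua}

def expand(text, req):
    # substitute %{VAR} references the way mod_rewrite does
    return re.sub(r"%\{(\w+)\}", lambda m: req[m.group(1)], text)

def parse_flags(parts):
    return set(parts[3][1:-1].split(",")) if len(parts) > 3 else set()  # '[NC,OR]' -> {'NC','OR'}

def cond_holds(cond, req):
    var, pattern, flags = cond
    negate = pattern.startswith("!")
    pattern = pattern[1:] if negate else pattern
    value = expand(var, req)
    if pattern.startswith("="):  # lexical comparison such as !=on
        hit = value == pattern[1:]
    else:
        hit = re.search(pattern, value, re.I if "NC" in flags else 0) is not None
    return hit != negate

def conds_hold(conds, req):
    """mod_rewrite semantics: a run of [OR] conditions is one group; groups are ANDed."""
    groups, current = [], []
    for cond in conds:
        current.append(cond)
        if "OR" not in cond[2]:
            groups, current = groups + [current], []
    return all(any(cond_holds(c, req) for c in g) for g in groups + ([current] if current else []))

def apply_rules(config, req):
    """Run the first matching RewriteRule: ('redirect', url), ('status', code) or ('pass', None)."""
    conds = []
    for line in (l.strip() for l in config.splitlines()):
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        flags = parse_flags(parts)
        if parts[0] == "RewriteCond":
            conds.append((parts[1], parts[2], flags))
        elif parts[0] == "RewriteRule":
            # .htaccess context: the pattern sees the path without its leading '/'
            path_hit = re.search(parts[1], req["REQUEST_URI"].lstrip("/"), re.I if "NC" in flags else 0)
            matched, conds = path_hit is not None and conds_hold(conds, req), []
            if not matched:
                continue
            code = next((int(f[2:]) for f in flags if f.startswith("R=")), 302 if "R" in flags else None)
            if code is not None and 300 <= code < 400:
                return "redirect", expand(parts[2], req)
            return ("status", code) if code is not None else ("pass", None)  # '-' with [L]: unchanged
    return "pass", None

def follow(config, req, max_hops=5):
    """Chase external redirects as a client would; returns (urls_visited, looped)."""
    visited = []
    for _ in range(max_hops):
        url = f"{'https' if req['HTTPS'] == 'on' else 'http'}://{req['HTTP_HOST']}{req['REQUEST_URI']}"
        if url in visited:
            return visited, True
        visited.append(url)
        kind, target = apply_rules(config, req)
        if kind != "redirect":
            return visited, False
        m = re.fullmatch(r"(https?)://([^/]+)(/.*)?", target)
        req = request(m.group(1), m.group(2), m.group(3) or "/", req["HTTP_USER_AGENT"])
    return visited, True

# The block from the question: fires only when HTTPS is already on, and keeps the host,
# so a secure non-www request redirects to itself and plain http is never upgraded.
POSTED_REDIRECT = r"""
RewriteCond %{HTTP_HOST} !^www\.[^.]+\.[^.]+$
RewriteCond %{HTTPS} on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,L,R=301]
"""
# This example's suggested correction (hypothetical, not from the thread):
# force https first, then force the www host, so every variant converges.
FIXED_REDIRECT = r"""
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,L,R=301]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [NE,L,R=301]
"""
# The reply's user-agent block without [OR] (both conditions must hold, which no
# single user agent can do) and with [OR] on the first condition.
UA_BLOCK_AND = r"""
RewriteCond %{HTTP_USER_AGENT} ^.*python-requests.*$
RewriteCond %{HTTP_USER_AGENT} ^.*opensiteexplorer.*$
RewriteRule . - [R=403,L]
"""
UA_BLOCK_OR = r"""
RewriteCond %{HTTP_USER_AGENT} ^.*python-requests.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*opensiteexplorer.*$ [NC]
RewriteRule . - [R=403,L]
"""
```

Running `follow(POSTED_REDIRECT, request("https", "example.fr", "/photo.jpg"))` reports a loop after one hop, while the http variant passes through untouched; `follow(FIXED_REDIRECT, ...)` converges on `https://www.example.fr/photo.jpg` in two hops from plain http and zero hops once already there. Two caveats the evaluator cannot show: in the real file the redirect block sits after the WordPress catch-all, which sends every non-file request to index.php with [L] before the redirect rules are reached, so the redirect block should come first; and on some shared hosts that terminate TLS in front of Apache, `%{HTTPS}` reads `off` even for secure requests, which turns the https redirect into a loop unless the host's forwarded-proto header is checked instead. For the reply's method block, note that 405-ing HEAD also breaks uptime monitors and link checkers that rely on it.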