Replies: 0
Hi,
I have a quick technical question and looking for advice. I have installed your plugin and it appears to be doing a fine job.It is looking like a 5 star review and then most probably the paid version.
I am on shared hosting and cloudflare so I put the special ninja file up in home/username/ . I also run the most upto date WP and use the login rename plugin. All appears to be running fine.
However, I wanted to know if I can now remove this from my .htaccess
<FilesMatch “^.*(error_log|wp-login\.php|\.sdfe|wp-config\.php|xmlrpc\.php|php.ini|\.[hH][tT][aApP].*)$”>
Order deny,allow
Deny from all
</FilesMatch>
RedirectMatch 403 (.*)wp-login\.php$
<IfModule mod_rewrite.c>
RewriteEngine on
Options +FollowSymLinks
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
</IfModule>
# directory browsing
Options All -Indexes
I also use another .htaccess in wp-content and wp-includes
Order deny,allow
Deny from all
<Files ~ “.(xml|css||woff|svg|ttf||pdf|ico|jpe?g|png|gif|js)$”>
Allow from all
</Files>
Basically, I am not sure if I am adding to the security of your firewall or detracting from it? Finally, I also use the Block Bad Queries (BBQ) plugin – do I still need that?
I was hacked badly and I don’t want it to happen again.
-
This topic was modified 12 minutes ago by
frenchomatic.
