WordPress uses. htaccess to prevent CC attack configuration

Source: Internet
Author: User
Tags comments


To solve this problem, we recommend that you use the following methods to protect it.

Save the following content to. htaccess

The code is as follows: Copy code
<Files wp-login.php>
AuthGroupFile/dev/null
AuthType Basic
AuthUserFile/home/username/. htpasswd
AuthName "admin"
Require valid-user
</Files>

This content is meant to protect the wp-login.php page, requiring that you have to enter a password for access.

Save the above content as a file named. htpasswd and upload it to the user root directory (non-website root directory), that is, the first directory displayed after the FTP Link.

Modify the. htaccess file

Modify the admin in AuthName "admin" to the user name you just set in. htpasswd;

Change username in AuthUserFile/home/username/. htpasswd to your FTP username.

Then open the URL/wp-login.php to test.

Simply put

. Htpasswd Upload to/Directory

. Htaccess is uploaded to the/domains/liurang.com/public_htmldirectory. (if the file already exists, copy the content .)


Attach some other methods

Anti-Leech
The leeching of images may be the biggest headache for many webmasters. If your images are taken for nothing, they will occupy the resources of their websites for free, using htaccess files can also implement anti-Leech functions. The code is as follows:

The code is as follows: Copy code
RewriteEngine On
RewriteCond % {HTTP_REFERER }! ^ Http://domain.com/.#$ [NC]
RewriteCond % {HTTP_REFERER }! ^ Http://domain.com $ [NC]
RewriteCond % {HTTP_REFERER }! ^ Http://www.domain.com/.#$ [NC]
RewriteCond % {HTTP_REFERER }! ^ Http://www.domain.com $ [NC]
RewriteRule. *. (gif | jpg | jpeg | png | bmp | swf | mp3 | wav | zip | rar) $ http://www.domain.com/404.html [R, NC]

This code will determine the request referer. If the link is not clicked from this site, it will jump to a 404 page by default. The RewriteRule specifies the file type for anti-Leech protection.

Prevent spam comments
For example, using htaccess can also prevent some spam comments with unknown sources:

The code is as follows: Copy code

RewriteEngine On
RewriteCond % {REQUEST_METHOD} POST
RewriteCond % {REQUEST_URI}. Wp-comments-post.php *
RewriteCond % {HTTP_REFERER }!. * Domain.com. * [OR]
RewriteCond % {HTTP_USER_AGENT} ^ $
RewriteRule (. *) ^ http://domain.com/$ [R = 301, L]


This code determines whether a POST request is sent by a browser (whether HTTP_USER_AGENT is null) and whether the Refer is on this site, as long as any of the conditions is not met, the request is automatically redirected to the home page.

Note: This code only applies to Wordpress. In fact, the framework can modify wp-comments-post to the corresponding URL based on the actual situation.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.