htaccess protect wordpress blog

[hayem]

i have found this htaccess code and wanted to know if its safe to use:
+++++++++++++++++++++++++++++++++++++++

HTML Code:

RewriteEngine On

# proc/self/environ? no way!
RewriteCond %{QUERY_STRING} proc/self/environ [OR]

# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]

# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]

# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]

# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|[|\%[0-9A-Z]{0,2}) [OR]

# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|[|\%[0-9A-Z]{0,2})

# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

#Options +FollowSymlinks
RewriteEngine On
RewriteCond %{http_host} ^yoursite.com
RewriteRule ^(.*) http://www.yoursite.com/$1 [R=301,L]

# Protect from spam bots
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.yoursite.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]
</IfModule>

# STRONG HTACCESS PROTECTION</code>
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>

<IfModule mod_speling.c>
CheckSpelling On
</IfModule>

# disable directory browsing
Options All -Indexes

<files wp-config.php>
order allow,deny
deny from all
</files>

[dklynn]

hay,

First, let me chastise you for using (at least wanting to use) code you do not understand.

Comments on the code:

Code:

RewriteEngine On

# proc/self/environ? no way!
RewriteCond %{QUERY_STRING} proc/self/environ [OR]

# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]

# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]

# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]

# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|[|\%[0-9A-Z]{0,2}) [OR]

# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|[|\%[0-9A-Z]{0,2})

# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
All you need to Fail the request is RewriteRule .? - [F]
It seems okay so far.
Options +FollowSymLinks
Why would you add this now?
RewriteEngine On
DITTO!
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
I thought you'd decided above to FAIL the request
RewriteRule ^(.*)$ index.php [F,L]

#Options +FollowSymlinks
RewriteEngine On
Repeat DITTO!
RewriteCond %{http_host} ^yoursite.com
You don't bother to specify (escape) dot characters, use end anchors or specify No Case?
RewriteRule ^(.*) http://www.yoursite.com/$1 [R=301,L]
I would have used RewriteRule .? http://www.yoursite.com%{REQUEST_URI} [R=301,L]
# Protect from spam bots
<IfModule mod_rewrite.c>
[rant #4]
The definition of an idiot is someone who repeatedly does the same thing expecting a different result.  Asking Apache to confirm the existence of ANY module with an <IfModule> ... </IfModule> wrapper is the same thing in the webmaster world.  DON'T BE AN IDIOT!  If you don't know whether a module is enabled, run the test ONCE then REMOVE the wrapper as it is EXTREMELY wasteful of Apache's resources (and should NEVER be allowed on a shared server).
[/rant 4]
RewriteEngine On
Repetitively repeat DITTO!
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
Zero or more p's on the .ph?
RewriteCond %{HTTP_REFERER} !.yoursite.com.* [OR]
Same as above on %{HTTP_HOST}
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]
... how many ISPs/hackers would use their own IP address? (Hint: Zero)
</IfModule>

# STRONG HTACCESS PROTECTION</code>
<Files ~ "^.*\.([Hh][Tt][Aa])">
Seriously? Okay, close but off enough to be ridiculous, IMHO. Just use <Files \.ht> and be done with it.
order allow,deny
deny from all
satisfy all
</Files>

<IfModule mod_speling.c>
[rant #4]
The definition of an idiot is someone who repeatedly does the same thing expecting a different result.  Asking Apache to confirm the existence of ANY module with an <IfModule> ... </IfModule> wrapper is the same thing in the webmaster world.  DON'T BE AN IDIOT!  If you don't know whether a module is enabled, run the test ONCE then REMOVE the wrapper as it is EXTREMELY wasteful of Apache's resources (and should NEVER be allowed on a shared server).
[/rant 4]
CheckSpelling On
In my usage, I've not had to turn this on, only include it as a module in Apache.
</IfModule>

# disable directory browsing
Options All -Indexes

<files wp-config.php>
order allow,deny
deny from all
</files>

Whew! Sorry for the "abuse" but you asked whether it was safe or not and that demands explanations. You know me well enough to know the "abuse" isn't personal AND that I tend to get pedantic - especially about mod_rewrite code!

Regards,

DK

[hayem]

I agree,i do not understand why use it.
I am having problems with hostgator malwares jumping to my sites.i am wasting too much time so that's why i am bit frustrated.

i am thinking to use Better wp security and WP-Security Admin tools by WebsiteDefender

any recommandations?thanks

ps:thank you for detailed explanation

[dklynn]

hay,

Thank you for understanding my detailed explanation. You might benefit from reading the mod_rewrite tutorial linked in my signature as it contains explanations and sample code. It's helped may members and should help you, too.

If your site has been hacked (it has if you have malware on it), you need to clean out all malware and install the latest WP which has likely fixed the security holes. Then it's important to keep WP updated lest you have to repeat that exercise.

If you can, check your database for illicit entries - especially in the administration area as hackers will generally give themselves admin privileges. Once those are clear, export the database to your computer, DELETE EVERYTHING, change your passwords using STRONG passwords, reinstall and replace the new database with the old. Be sure that your new password is in the database, not the old one.

Regards,

DK

[hayem]

Thank you David,
i have purchased wp secure code,can i send you for your expert advise if its safe to use or not?
my email is khorenp[at] yahoo [dot] com

thank you in advance

[dklynn]

hayem,

Thank you for that offer but, if you've paid for it, I don't believe you can provide it to anyone without violating a copyright - even for a review. If you're convinced you are allowed to do so, PM it to me and I'll PM the review back to you directly.

Regards,

DK