-
Notifications
You must be signed in to change notification settings - Fork 0
/
SECURITY-WEB-DEVELOPMENT
173 lines (145 loc) · 4.91 KB
/
SECURITY-WEB-DEVELOPMENT
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
# TO FILE PERMISSIONS
755 CARPETS
644 FILES
600 WP-CONFIG
604 HTACCESS
# TO HTACCESS
RewriteEngine on
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://url.com/$1 [R=301,L]
Options +FollowSymLinks
<files wp-config.php>
order allow,deny
deny from all
</files>
<files .htaccess>
Order allow,deny
Deny from all
</files>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
<IfModule mod_alias.c>
RedirectMatch 403 /(.*)/xmlrpc\.php$
</IfModule>
<IfModule mod_alias.c>
<FilesMatch "\.(html|htm|rtf|rtx|txt|xsd|xsl|xml)$">
<IfModule mod_headers.c>
Header set X-Powered-By "IzignaMx"
Header unset Pragma
Header append Cache-Control "public"
Header unset Last-Modified
</FilesMatch>
</IfModule>
php_value upload_max_filesize 512M
php_value post_max_size 512M
php_value memory_limit 512M
php_value max_execution_time 600
php_value max_input_time 600
php_value max_input_vars 6000
htaccess code
ServerSignature Off
BulletProof Mode
Options -Indexes
DirectoryIndex index.php index.html /index.php
dot: .htaccess, .htpasswd, .errordocs, .logs
RedirectMatch 403 \.(htaccess|htpasswd|errordocs|logs)$
# TO WP-CONFIG.PHP
## Disable Editing in Dashboard
define('WP_MEMORY_LIMIT','256M');
define('DISALLOW_FILE_EDIT',true);
define('WP_HOME','https://url.com');
define('WP_SITEURL','https://url.com');
define('WP_AUTO_UPDATE_CORE',false);
# TO FUNCTIONS.PHP
# PROCEED WITH CAUTION
// Hide WordPress Version Info
function hide_wordpress_version() {return '';}
add_filter('the_generator', 'hide_wordpress_version');
function hide_wordpress_version_in_script($src, $handle) {
$src = remove_query_arg('ver', $src);
return $src;
}
add_filter( 'style_loader_src', 'hide_wordpress_version_in_script', 10, 2 );
add_filter( 'script_loader_src', 'hide_wordpress_version_in_script', 10, 2 );
// Remove WordPress Meta Generator
remove_action('wp_head', 'wp_generator');
// REMOVE OUTPUT ID
add_filter('script_loader_tag', 'clean_script_tag');
function clean_script_tag($input) {
$input = str_replace("type='text/javascript' ", '', $input);
return str_replace("'", '"', $input);
}
add_filter( 'style_loader_tag', function ( $tag, $handle ) {
return str_replace( " id='$handle-css'", '', $tag );
}, 10, 2 );
function removeHeadLinks() {
remove_action('wp_head', 'rsd_link');
remove_action('wp_head', 'wlwmanifest_link');
}
add_action('init', 'removeHeadLinks');
// REMOVE DNS-PREFETCH
remove_action( 'wp_head', 'wp_resource_hints', 2 );
remove_action( 'wp_head', 'dns-prefetch' );
function remove_dns_prefetch( $hints, $relation_type ) {
if ( 'dns-prefetch' === $relation_type ) {
return array_diff( wp_dependencies_unique_hosts(), $hints );
}
return $hints;
}
add_filter( 'wp_resource_hints', 'remove_dns_prefetch', 10, 2 );
// REMOVE GENERATORS META TAGS
function remove_meta_generators($html) {
$pattern = '/<meta name(.*)=(.*)"generator"(.*)>/i';
$html = preg_replace($pattern, '', $html);
return $html;
}
function clean_meta_generators($html) {
ob_start('remove_meta_generators');
}
add_action('get_header', 'clean_meta_generators', 100);
add_action('wp_footer', function(){ ob_end_flush(); }, 100);
// REMOVE EMOJIS
if (!is_admin()) {
remove_action( 'wp_head', 'print_emoji_detection_script', 7 );
remove_action( 'admin_print_scripts', 'print_emoji_detection_script' );
remove_action( 'wp_print_styles', 'print_emoji_styles' );
remove_action( 'admin_print_styles', 'print_emoji_styles' );
add_action('wp_print_styles', 'deregister_dashicons',100);
function deregister_dashicons() {
wp_deregister_style('dashicons');
}
}
function disable_embeds_code_init() {
// Remove the REST API endpoint.
remove_action( 'rest_api_init', 'wp_oembed_register_route' );
// Turn off oEmbed auto discovery.
add_filter( 'embed_oembed_discover', '__return_false' );
// Don't filter oEmbed results.
remove_filter( 'oembed_dataparse', 'wp_filter_oembed_result', 10 );
// Remove oEmbed discovery links.
remove_action( 'wp_head', 'wp_oembed_add_discovery_links' );
// Remove oEmbed-specific JavaScript from the front-end and back-end.
remove_action( 'wp_head', 'wp_oembed_add_host_js' );
add_filter( 'tiny_mce_plugins', 'disable_embeds_tiny_mce_plugin' );
// Remove filter of the oEmbed result before any HTTP requests are made.
remove_filter( 'pre_oembed_result', 'wp_filter_pre_oembed_result', 10 );
}
add_action( 'init', 'disable_embeds_code_init', 9999 );
function disable_embeds_tiny_mce_plugin($plugins) {
return array_diff($plugins, array('wpembed'));
}
// IMPROVED SECURITY
add_action( 'send_headers', 'add_http_headers' );
function add_http_headers() {
header( 'X-Content-Type-Options: nosniff' );
header( 'X-XSS-Protection: 1;mode=block' );
header( 'X-Robots-Tag: none' );
header( 'X-Frame-Options: SAMEORIGIN' );
}