Site and login blocked with "Forbidden"
-
Hello,
instead of the page, this error message is displayed:
Forbidden
You don't have permission to access this resource.
In the address bar, this entry automatically appears after my domain:
/wp-admin/install.php
The same is displayed automatically when calling up wp-admin.
In the installation folder there is additionally a file ".htaccess.bk", which does not come from me.
What could be a possible cause of the error, please?
Thanks, Karl
-
The error message "403 – Forbidden" means that access to the file or directory you want to view is blocked either by an entry in the .htaccess or by an incorrectly set file permission. An obvious explanation would be that you tried to make security settings and made a mistake in the process.
If a WordPress installation redirects to the file wp-admin/install.php when it is called up, WordPress assumes that the installation has not yet taken place. That is the case, for example, when the database tables cannot be accessed.
With a URL to the website this can be clarified less theoretically. Please read again: Why a link to your website is important
Regarding your subsequent mention: please post the contents of .htaccess and .htaccess.bk. .bk is actually a file extension of Adobe Framemaker, but may also have been used for a "backup". Sometimes web hosts change files quite arbitrarily when the server is under excessive load or malware has been detected. It may well be that the web host made a change here and saved the old version. (Not a good idea, because I could output a .bk file in the browser if the file extension has not been specially secured.)
Thanks.
Here is the .htaccess:
######################################################################### # GZIP-Komprimierung aktiviert am 15.08.2021 # Gzip compression # quelle: https://kinsta.com/de/blog/gzip-komprimierung-aktivieren/#wie-man-die-gzipkomprimierung-aktiviert # und # https://docs.wp-rocket.me/article/63-enable-gzip-compression ############################################## # Gzip compression <IfModule mod_deflate.c> # Active compression SetOutputFilter DEFLATE # Force deflate for mangled headers <IfModule mod_setenvif.c> <IfModule mod_headers.c> SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding # Don’t compress images and other uncompressible content SetEnvIfNoCase Request_URI \ \.(?:gif|jpe?g|png|rar|zip|exe|flv|mov|wma|mp3|avi|swf|mp?g|mp4|webm|webp|pdf)$ no-gzip dont-vary </IfModule> </IfModule> # Compress all output labeled with one of the following MIME-types <IfModule mod_filter.c> AddOutputFilterByType DEFLATE application/atom+xml \ application/javascript \ application/json \ application/rss+xml \ application/vnd.ms-fontobject \ application/x-font-ttf \ application/xhtml+xml \ application/xml \ font/opentype \ image/svg+xml \ image/x-icon \ text/css \ text/html \ text/plain \ text/x-component \ text/xml </IfModule> <IfModule mod_headers.c> Header append Vary: Accept-Encoding </IfModule> </IfModule> <IfModule mod_mime.c> AddType text/html .html_gzip AddEncoding gzip .html_gzip </IfModule> <IfModule mod_setenvif.c> SetEnvIfNoCase Request_URI \.html_gzip$ no-gzip ############################################### # BEGIN LSCACHE ## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! 
## <IfModule LiteSpeed> RewriteEngine on CacheLookup on RewriteRule .* - [E=Cache-Control:no-autoflush] RewriteRule \.litespeed_conf\.dat - [F,L] ### marker MOBILE start ### RewriteCond %{HTTP_USER_AGENT} Mobile|Android|Silk/|Kindle|BlackBerry|Opera\ Mini|Opera\ Mobi [NC] RewriteRule .* - [E=Cache-Control:vary=%{ENV:LSCACHE_VARY_VALUE}+ismobile] ### marker MOBILE end ### ### marker CACHE RESOURCE start ### RewriteRule http://foto.bildermann.de/wp-content/.*/[^/]*(responsive|css|js|dynamic|loader|fonts)\.php - [E=cache-control:max-age=3600] ### marker CACHE RESOURCE end ### ### marker FAVICON start ### RewriteRule favicon\.ico$ - [E=cache-control:max-age=86400] ### marker FAVICON end ### ### marker WEBP start ### RewriteCond %{HTTP_ACCEPT} "image/webp" [or] RewriteCond %{HTTP_USER_AGENT} "Page Speed" RewriteRule .* - [E=Cache-Control:vary=%{ENV:LSCACHE_VARY_VALUE}+webp] RewriteCond %{HTTP_USER_AGENT} iPhone.*Version/(\d{2}).*Safari RewriteCond %1 >13 RewriteRule .* - [E=Cache-Control:vary=%{ENV:LSCACHE_VARY_VALUE}+webp] ### marker WEBP end ### ### marker DROPQS start ### CacheKeyModify -qs:fbclid CacheKeyModify -qs:gclid CacheKeyModify -qs:utm* CacheKeyModify -qs:_ga ### marker DROPQS end ### </IfModule> ## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ## # END LSCACHE # BEGIN NON_LSCACHE ## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ## ## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! 
## # END NON_LSCACHE ######################################################################## # OPTIMAL .htaccess FILE FOR SPEED AND SECURITY @Version 2.0.1 - 08/2020 # ---------------------------------------------------------------------- # @Author: Andreas Hecht # @Author URI: https://seoagentur-hamburg.com # License: GNU General Public License v2 or later # License URI: http://www.gnu.org/licenses/gpl-2.0.html ######################################################################## # ---------------------------------------------------------------------- # Rewrite from HTTP to HTTPS - if you want to use it, comment it out # ---------------------------------------------------------------------- #<IfModule mod_rewrite.c> #RewriteEngine On #RewriteCond %{HTTPS} !=on #RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] #</IfModule> # ---------------------------------------------------------------------- # | Activate CORS # ---------------------------------------------------------------------- <IfModule mod_headers.c> <FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js|gif|png|jpe?g|svg|svgz|ico|webp)$"> Header set Access-Control-Allow-Origin "*" </FilesMatch> </IfModule> # ----------------------------------------------------------------------- # | 404 Fix: Block Nuisance Requests for Non-Existent Files - New in 2018 # https://perishablepress.com/block-nuisance-requests - @Update 2019 # ----------------------------------------------------------------------- <IfModule mod_alias.c> RedirectMatch 403 (?i)\.php\.suspected RedirectMatch 403 (?i)apple-app-site-association RedirectMatch 403 (?i)/autodiscover/autodiscover.xml </IfModule> # ---------------------------------------------------------------------- # | Compressing and Caching - Version 2020 | # ---------------------------------------------------------------------- # Serve resources with far-future expires headers. # # (!) 
If you don't control versioning with filename-based # cache busting, you should consider lowering the cache times # to something like one week. # # https://httpd.apache.org/docs/current/mod/mod_expires.html <IfModule mod_expires.c> ExpiresActive on ExpiresDefault "access plus 1 month" # CSS ExpiresByType text/css "access plus 1 year" # Data interchange ExpiresByType application/atom+xml "access plus 1 hour" ExpiresByType application/rdf+xml "access plus 1 hour" ExpiresByType application/rss+xml "access plus 1 hour" ExpiresByType application/json "access plus 0 seconds" ExpiresByType application/ld+json "access plus 0 seconds" ExpiresByType application/schema+json "access plus 0 seconds" ExpiresByType application/vnd.geo+json "access plus 0 seconds" ExpiresByType application/xml "access plus 0 seconds" ExpiresByType text/xml "access plus 0 seconds" # Favicon (cannot be renamed!) and cursor images ExpiresByType image/vnd.microsoft.icon "access plus 1 week" ExpiresByType image/x-icon "access plus 1 week" # HTML - No Caching ExpiresByType text/html "access plus 0 seconds" # JavaScript ExpiresByType application/javascript "access plus 1 year" ExpiresByType application/x-javascript "access plus 1 year" ExpiresByType text/javascript "access plus 1 year" # Manifest files ExpiresByType application/manifest+json "access plus 1 week" ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds" ExpiresByType text/cache-manifest "access plus 0 seconds" # Update 2020: Google recommendation: cache duration increased to 1 year # @see: https://web.dev/uses-long-cache-ttl/ # Media files ExpiresByType audio/ogg "access plus 1 year" ExpiresByType image/bmp "access plus 1 year" ExpiresByType image/gif "access plus 1 year" ExpiresByType image/jpeg "access plus 1 year" ExpiresByType image/png "access plus 1 year" ExpiresByType image/svg+xml "access plus 1 year" ExpiresByType image/webp "access plus 1 year" ExpiresByType video/mp4 "access plus 1 year" ExpiresByType video/ogg 
"access plus 1 year" ExpiresByType video/webm "access plus 1 year" # Web fonts # Embedded OpenType (EOT) ExpiresByType application/vnd.ms-fontobject "access plus 1 year" ExpiresByType font/eot "access plus 1 year" # OpenType ExpiresByType font/opentype "access plus 1 year" # TrueType ExpiresByType application/x-font-ttf "access plus 1 year" # Web Open Font Format (WOFF) 1.0 ExpiresByType application/font-woff "access plus 1 year" ExpiresByType application/x-font-woff "access plus 1 year" ExpiresByType font/woff "access plus 1 year" # Web Open Font Format (WOFF) 2.0 ExpiresByType application/font-woff2 "access plus 1 year" # Other ExpiresByType text/x-cross-domain-policy "access plus 1 week" </IfModule> <IfModule mod_deflate.c> # Insert filters / compress text, html, javascript, css, xml: AddOutputFilterByType DEFLATE text/plain AddOutputFilterByType DEFLATE text/html AddOutputFilterByType DEFLATE text/xml AddOutputFilterByType DEFLATE text/css AddOutputFilterByType DEFLATE text/vtt AddOutputFilterByType DEFLATE text/x-component AddOutputFilterByType DEFLATE application/xml AddOutputFilterByType DEFLATE application/xhtml+xml AddOutputFilterByType DEFLATE application/rss+xml AddOutputFilterByType DEFLATE application/js AddOutputFilterByType DEFLATE application/javascript AddOutputFilterByType DEFLATE application/x-javascript AddOutputFilterByType DEFLATE application/x-httpd-php AddOutputFilterByType DEFLATE application/x-httpd-fastphp AddOutputFilterByType DEFLATE application/atom+xml AddOutputFilterByType DEFLATE application/json AddOutputFilterByType DEFLATE application/ld+json AddOutputFilterByType DEFLATE application/vnd.ms-fontobject AddOutputFilterByType DEFLATE application/x-font-ttf AddOutputFilterByType DEFLATE application/font-woff2 AddOutputFilterByType DEFLATE application/x-font-woff AddOutputFilterByType DEFLATE application/x-web-app-manifest+json font/woff AddOutputFilterByType DEFLATE font/woff AddOutputFilterByType DEFLATE font/opentype 
AddOutputFilterByType DEFLATE image/svg+xml AddOutputFilterByType DEFLATE image/x-icon # Exception: Images SetEnvIfNoCase REQUEST_URI \.(?:gif|jpg|jpeg|png|svg)$ no-gzip dont-vary # Drop problematic browsers BrowserMatch ^Mozilla/4 gzip-only-text/html BrowserMatch ^Mozilla/4\.0[678] no-gzip BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html # Make sure proxies don't deliver the wrong content Header append Vary User-Agent env=!dont-vary </IfModule> #Alternative caching using Apache's "mod_headers", if it's installed. #Caching of common files - ENABLED <IfModule mod_headers.c> <FilesMatch "\.(ico|pdf|flv|swf|js|css|gif|png|jpg|jpeg|txt|woff2|woff)$"> Header set Cache-Control "max-age=31536000, public" </FilesMatch> </IfModule> <IfModule mod_headers.c> <FilesMatch "\.(js|css|xml|gz)$"> Header append Vary Accept-Encoding </FilesMatch> </IfModule> # Set Keep Alive Header <IfModule mod_headers.c> Header set Connection keep-alive </IfModule> # If your server don't support ETags deactivate with "None" (and remove header) <IfModule mod_expires.c> <IfModule mod_headers.c> Header unset ETag </IfModule> FileETag None </IfModule> <IfModule mod_headers.c> <FilesMatch ".(js|css|xml|gz|html|woff|woff2|ttf)$"> Header append Vary: Accept-Encoding </FilesMatch> </IfModule> # ---------------------------------------------------------------------- # | 7G Firewall for Security - Do not change this part @Update 2020 # ---------------------------------------------------------------------- # 7G FIREWALL v1.3 20200903 # @ https://perishablepress.com/7g-firewall/ # 7G:[CORE] ServerSignature Off Options -Indexes RewriteEngine On RewriteBase / # 7G:[QUERY STRING] <IfModule mod_rewrite.c> RewriteCond %{QUERY_STRING} ([a-z0-9]{2000,}) [NC,OR] RewriteCond %{QUERY_STRING} (/|%2f)(:|%3a)(/|%2f) [NC,OR] RewriteCond %{QUERY_STRING} (/|%2f)(\*|%2a)(\*|%2a)(/|%2f) [NC,OR] RewriteCond %{QUERY_STRING} ('' |<|>|\^|\|\\|0x00|%00|%0d%0a) [NC,OR] RewriteCond %{QUERY_STRING} 
(cmd|command)(=|%3d)(chdir|mkdir)(.*)(x20) [NC,OR] RewriteCond %{QUERY_STRING} (ckfinder|fullclick|ckfinder|fckeditor) [NC,OR] RewriteCond %{QUERY_STRING} (globals|mosconfig([a-z_]{1,22})|request)(=|\[) [NC,OR] RewriteCond %{QUERY_STRING} (/|%2f)((wp-)?config)((\.|%2e)inc)?((\.|%2e)php) [NC,OR] RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumbs?)?)((\.|%2e)php) [NC,OR] RewriteCond %{QUERY_STRING} (absolute_|base|root_)(dir|path)(=|%3d)(ftp|https?) [NC,OR] RewriteCond %{QUERY_STRING} (localhost|loopback|127(\.|%2e)0(\.|%2e)0(\.|%2e)1) [NC,OR] RewriteCond %{QUERY_STRING} (s)?(ftp|inurl|php)(s)?(:(/|%2f|%u2215)(/|%2f|%u2215)) [NC,OR] RewriteCond %{QUERY_STRING} (\.|20)(get|the)(_|%5f)(permalink|posts_page_url)(\(|%28) [NC,OR] RewriteCond %{QUERY_STRING} ((boot|win)((\.|%2e)ini)|etc(/|%2f)passwd|self(/|%2f)environ) [NC,OR] RewriteCond %{QUERY_STRING} (((/|%2f){3,3})|((\.|%2e){3,3})|((\.|%2e){2,2})(/|%2f|%u2215)) [NC,OR] RewriteCond %{QUERY_STRING} (benchmark|char|exec|fopen|function|html)(.*)(\(|%28)(.*)(\)|%29) [NC,OR] RewriteCond %{QUERY_STRING} (php)([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}) [NC,OR] RewriteCond %{QUERY_STRING} (e|%65|%45)(v|%76|%56)(a|%61|%31)(l|%6c|%4c)(.*)(\(|%28)(.*)(\)|%29) [NC,OR] RewriteCond %{QUERY_STRING} (/|%2f)(=|%3d|$&|_mm|cgi(\.|-)|inurl(:|%3a)(/|%2f)|(mod|path)(=|%3d)(\.|%2e)) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3c)(.*)(e|%65|%45)(m|%6d|%4d)(b|%62|%42)(e|%65|%45)(d|%64|%44)(.*)(>|%3e) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3c)(.*)(i|%69|%49)(f|%66|%46)(r|%72|%52)(a|%61|%41)(m|%6d|%4d)(e|%65|%45)(.*)(>|%3e) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3c)(.*)(o|%4f|%6f)(b|%62|%42)(j|%4a|%6a)(e|%65|%45)(c|%63|%43)(t|%74|%54)(.*)(>|%3e) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3c)(.*)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(.*)(>|%3e) [NC,OR] RewriteCond %{QUERY_STRING} (\+|%2b|%20)(d|%64|%44)(e|%65|%45)(l|%6c|%4c)(e|%65|%45)(t|%74|%54)(e|%65|%45)(\+|%2b|%20) [NC,OR] RewriteCond 
%{QUERY_STRING} (\+|%2b|%20)(i|%69|%49)(n|%6e|%4e)(s|%73|%53)(e|%65|%45)(r|%72|%52)(t|%74|%54)(\+|%2b|%20) [NC,OR] RewriteCond %{QUERY_STRING} (\+|%2b|%20)(s|%73|%53)(e|%65|%45)(l|%6c|%4c)(e|%65|%45)(c|%63|%43)(t|%74|%54)(\+|%2b|%20) [NC,OR] RewriteCond %{QUERY_STRING} (\+|%2b|%20)(u|%75|%55)(p|%70|%50)(d|%64|%44)(a|%61|%41)(t|%74|%54)(e|%65|%45)(\+|%2b|%20) [NC,OR] RewriteCond %{QUERY_STRING} (\\x00|(\"|%22|\'|%27)?0(\"|%22|\'|%27)?(=|%3d)(\"|%22|\'|%27)?0|cast(\(|%28)0x|or%201(=|%3d)1) [NC,OR] RewriteCond %{QUERY_STRING} (g|%67|%47)(l|%6c|%4c)(o|%6f|%4f)(b|%62|%42)(a|%61|%41)(l|%6c|%4c)(s|%73|%53)(=|[|%[0-9A-Z]{0,2}) [NC,OR] RewriteCond %{QUERY_STRING} (_|%5f)(r|%72|%52)(e|%65|%45)(q|%71|%51)(u|%75|%55)(e|%65|%45)(s|%73|%53)(t|%74|%54)(=|[|%[0-9A-Z]{2,}) [NC,OR] RewriteCond %{QUERY_STRING} (j|%6a|%4a)(a|%61|%41)(v|%76|%56)(a|%61|%31)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(:|%3a)(.*)(;|%3b|\)|%29) [NC,OR] RewriteCond %{QUERY_STRING} (b|%62|%42)(a|%61|%41)(s|%73|%53)(e|%65|%45)(6|%36)(4|%34)(_|%5f)(e|%65|%45|d|%64|%44)(e|%65|%45|n|%6e|%4e)(c|%63|%43)(o|%6f|%4f)(d|%64|%44)(e|%65|%45)(.*)(\()(.*)(\)) [NC,OR] RewriteCond %{QUERY_STRING} (@copy|\$_(files|get|post)|allow_url_(fopen|include)|auto_prepend_file|blexbot|browsersploit|(c99|php)shell|curl(_exec|test)|disable_functions?|document_root|elastix|encodeuricom|exploit|fclose|fgets|file_put_contents|fputs|fsbuff|fsockopen|gethostbyname|grablogin|hmei7|input_file|null|open_basedir|outfile|passthru|phpinfo|popen|proc_open|quickbrute|remoteview|root_path|safe_mode|shell_exec|site((.){0,2})copier|sux0r|trojan|user_func_array|wget|xertive) [NC,OR] RewriteCond %{QUERY_STRING} (;|<|>|\'|\"|\)|%0a|%0d|%22|%27|%3c|%3e|%00)(.*)(/\*|alter|base64|benchmark|cast|char|concat|convert|create|encode|declare|delete|drop|insert|md5|order|request|script|select|set|union|update) [NC,OR] RewriteCond %{QUERY_STRING} ((\+|%2b)(concat|delete|get|select|union)(\+|%2b)) [NC,OR] RewriteCond %{QUERY_STRING} 
(union)(.*)(select)(.*)(\(|%28) [NC,OR] RewriteCond %{QUERY_STRING} (concat)(.*)(\(|%28) [NC] RewriteRule .* - [F,L] # RewriteRule .* /7G_log.php?log [END,NE,E=7G_QUERY_STRING:%1___%2___%3] </IfModule> # 7G:[REQUEST URI] <IfModule mod_rewrite.c> RewriteCond %{REQUEST_URI} ([a-z0-9]{2000,}) [NC,OR] RewriteCond %{REQUEST_URI} (=?\\(\'|%27)/?)(\.) [NC,OR] RewriteCond %{REQUEST_URI} (\^|''|<|>|%|\\|\{|\}|\|) [NC,OR] RewriteCond %{REQUEST_URI} (/)(\*|\"|\'|\.|,|&|&?)/?$ [NC,OR] RewriteCond %{REQUEST_URI} (\.)(php)(\()?([0-9]+)(\))?(/)?$ [NC,OR] RewriteCond %{REQUEST_URI} (/)(vbulletin|boards|vbforum)(/)? [NC,OR] RewriteCond %{REQUEST_URI} (\.(s?ftp-?)config|(s?ftp-?)config\.) [NC,OR] RewriteCond %{REQUEST_URI} (\{0\}|\"?0\"?=\"?0|\(/\(|\.\.\.|\+\+\+|\\\") [NC,OR] RewriteCond %{REQUEST_URI} (thumbs?(_editor|open)?|tim(thumbs?)?)(\.php) [NC,OR] RewriteCond %{REQUEST_URI} (/)(fck|ckfinder|fullclick|ckfinder|fckeditor) [NC,OR] RewriteCond %{REQUEST_URI} (\.|20)(get|the)(_)(permalink|posts_page_url)(\() [NC,OR] RewriteCond %{REQUEST_URI} (///|\?\?|/&&|/\*(.*)\*/|/:/|\\\\|0x00|%00|%0d%0a) [NC,OR] RewriteCond %{REQUEST_URI} (/%7e)(root|ftp|bin|nobody|named|guest|logs|sshd)(/) [NC,OR] RewriteCond %{REQUEST_URI} (/)(etc|var)(/)(hidden|secret|shadow|ninja|passwd|tmp)(/)?$ [NC,OR] RewriteCond %{REQUEST_URI} (s)?(ftp|http|inurl|php)(s)?(:(/|%2f|%u2215)(/|%2f|%u2215)) [NC,OR] RewriteCond %{REQUEST_URI} (/)(=|\$&?|&?(pws|rk)=0|_mm|_vti_|cgi(\.|-)?|(=|/|;|,)nt\.) [NC,OR] RewriteCond %{REQUEST_URI} (\.)(ds_store|htaccess|htpasswd|init?|mysql-select-db)(/)?$ [NC,OR] RewriteCond %{REQUEST_URI} (/)(bin)(/)(cc|chmod|chsh|cpp|echo|id|kill|mail|nasm|perl|ping|ps|python|tclsh)(/)?$ [NC,OR] RewriteCond %{REQUEST_URI} (/)(::[0-9999]|%3a%3a[0-9999]|127\.0\.0\.1|localhost|loopback|makefile|pingserver|wwwroot)(/)? 
[NC,OR] RewriteCond %{REQUEST_URI} (\(null\)|\{\$itemURL\}|cAsT\(0x|echo(.*)kae|etc/passwd|eval\(|self/environ|\+union\+all\+select) [NC,OR] RewriteCond %{REQUEST_URI} (/)(awstats|(c99|php|web)shell|document_root|error_log|listinfo|muieblack|remoteview|site((.){0,2})copier|sqlpatch|sux0r) [NC,OR] RewriteCond %{REQUEST_URI} (/)((php|web)?shell|crossdomain|fileditor|locus7|nstview|php(get|remoteview|writer)|r57|remview|sshphp|storm7|webadmin)(.*)(\.|\() [NC,OR] RewriteCond %{REQUEST_URI} (/)(author-panel|bitrix|class|database|(db|mysql)-?admin|filemanager|htdocs|httpdocs|https?|mailman|mailto|msoffice|mysql|_?php-?my-?admin(.*)|tmp|undefined|usage|var|vhosts|webmaster|www)(/) [NC,OR] RewriteCond %{REQUEST_URI} (\.)(7z|ab4|afm|aspx?|bash|ba?k?|bz2|cfg|cfml?|cgi|ctl|dat|db|dll|eml|et2|exe|fec|fla|hg|inc|ini|inv|jsp|log|lqd|mbf|mdb|mmw|mny|old|one|out|passwd|pdb|pl|psd|pst|ptdb|pwd|py|qbb|qdf|rar|rdf|sdb|sql|sh|soa|swf|swl|swp|stx|tar|tax|tgz|tls|tmd|wow|zlib)$ [NC,OR] RewriteCond %{REQUEST_URI} (base64_(en|de)code|benchmark|child_terminate|curl_exec|e?chr|eval|function|fwrite|(f|p)open|html|leak|passthru|p?fsockopen|phpinfo|posix_(kill|mkfifo|setpgid|setsid|setuid)|proc_(close|get_status|nice|open|terminate)|(shell_)?exec|system)(.*)(\()(.*)(\)) [NC,OR] RewriteCond %{REQUEST_URI} (/)(^$|00.temp00|0day|3xp|70bex?|admin_events|bkht|(php|web)?shell|configbak|curltest|db|dompdf|filenetworks|hmei7|index\.php/index\.php/index|jahat|kcrew|keywordspy|mobiquo|mysql|nessus|php-?info|racrew|sql|vuln|webconfig|(wp-)?conf(ig)?(uration)?|xertive)(\.php) [NC] RewriteRule .* - [F,L] # RewriteRule .* /7G_log.php?log [END,NE,E=7G_REQUEST_URI:%1___%2___%3] </IfModule> # 7G:[USER AGENT] <IfModule mod_rewrite.c> RewriteCond %{HTTP_USER_AGENT} ([a-z0-9]{2000,}) [NC,OR] RewriteCond %{HTTP_USER_AGENT} (<|%0a|%0d|%27|%3c|%3e|%00|0x00) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ((c99|php|web)shell|remoteview|site((.){0,2})copier) [NC,OR] RewriteCond %{HTTP_USER_AGENT} 
(base64_decode|bin/bash|disconnect|eval|lwp-download|unserialize|\\\x22) [NC,OR] RewriteCond %{HTTP_USER_AGENT} (360Spider|acapbot|acoonbot|ahrefs|alexibot|asterias|attackbot|backdorbot|becomebot|binlar|blackwidow|blekkobot|blexbot|blowfish|bullseye|bunnys|butterfly|careerbot|casper|checkpriv|cheesebot|cherrypick|chinaclaw|choppy|clshttp|cmsworld|copernic|copyrightcheck|cosmos|crescent|cy_cho|datacha|demon|diavol|discobot|dittospyder|dotbot|dotnetdotcom|dumbot|emailcollector|emailsiphon|emailwolf|exabot|extract|eyenetie|feedfinder|flaming|flashget|flicky|foobot|g00g1e|getright|gigabot|go-ahead-got|gozilla|grabnet|grafula|harvest|heritrix|httrack|icarus6j|jetbot|jetcar|jikespider|kmccrew|leechftp|libweb|linkextractor|linkscan|linkwalker|loader|masscan|miner|majestic|mechanize|mj12bot|morfeus|moveoverbot|netmechanic|netspider|nicerspro|nikto|ninja|nutch|octopus|pagegrabber|planetwork|postrank|proximic|purebot|pycurl|python|queryn|queryseeker|radian6|radiation|realdownload|rogerbot|scooter|seekerspider|semalt|siclab|sindice|sistrix|sitebot|siteexplorer|sitesnagger|skygrid|smartdownload|snoopy|sosospider|spankbot|spbot|sqlmap|stackrambler|stripper|sucker|surftbot|sux0r|suzukacz|suzuran|takeout|teleport|telesoft|true_robots|turingos|turnit|vampire|vikspider|voideye|webleacher|webreaper|webstripper|webvac|webviewer|webwhacker|winhttp|wwwoffle|woxbot|xaldon|xxxyy|yamanalab|yioopbot|youda|zeus|zmeu|zune|zyborg) [NC] RewriteRule .* - [F,L] # RewriteRule .* /7G_log.php?log [END,NE,E=7G_USER_AGENT:%1] </IfModule> # 7G:[REMOTE HOST] <IfModule mod_rewrite.c> RewriteCond %{REMOTE_HOST} (163data|amazonaws|colocrossing|crimea|g00g1e|justhost|kanagawa|loopia|masterhost|onlinehome|poneytel|sprintdatacenter|reverse.softlayer|safenet|ttnet|woodpecker|wowrack) [NC] RewriteRule .* - [F,L] # RewriteRule .* /7G_log.php?log [END,NE,E=7G_REMOTE_HOST:%1] </IfModule> # 7G:[HTTP REFERRER] <IfModule mod_rewrite.c> RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC,OR] RewriteCond 
%{HTTP_REFERER} (ambien|blue\spill|cocaine|ejaculat|erectile|erections|hoodia|huronriveracres|impotence|levitra|libido|lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby|ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo) [NC] RewriteRule .* - [F,L] # RewriteRule .* /7G_log.php?log [END,NE,E=7G_HTTP_REFERRER:%1] </IfModule> # 7G:[REQUEST METHOD] <IfModule mod_rewrite.c> RewriteCond %{REQUEST_METHOD} ^(connect|debug|move|trace|track) [NC] RewriteRule .* - [F,L] # RewriteRule .* /7G_log.php?log [END,NE,E=7G_REQUEST_METHOD:%1] </IfModule> ################################################################# # 7G Addon: Stop Aggressive Scanning for Uploads-Related Targets # https://perishablepress.com/stop-aggressive-scanning-uploads/ ################################################################# <IfModule mod_rewrite.c> # RewriteCond %{REQUEST_URI} /php(unit)?/ [NC,OR] # RewriteCond %{REQUEST_URI} \.(aspx?|env|git(ignore)?|phtml|rar|well-known) [NC,OR] # RewriteCond %{REQUEST_URI} /(cms|control_panel|dashboard|home_url=|lr-admin|manager|panel|staff|webadmin) [NC,OR] # RewriteCond %{REQUEST_URI} /(adm(in)?|blog|cache|checkout|controlpanel|ecommerce|export|magento(-1|web)?|market(place)?|mg|onli(n|k)e|orders?|shop|tmplconnector|uxm|web?store)/ [NC,OR] RewriteCond %{REQUEST_URI} (_timthumb_|timthumb.php) [NC,OR] RewriteCond %{REQUEST_URI} /(install|wp-config|xmlrpc)\.php [NC,OR] RewriteCond %{REQUEST_URI} /(uploadify|uploadbg|up__uzegp)\.php [NC,OR] RewriteCond %{REQUEST_URI} /(comm\.js|mysql-date-function|simplebootadmin|vuln\.htm|www\.root\.) 
[NC,OR] RewriteCond %{REQUEST_URI} /(admin-uploadify|fileupload|jquery-file-upload|upload_file|upload|uploadify|webforms)/ [NC,OR] RewriteCond %{REQUEST_URI} /(ajax_pluginconf|apikey|connector(.minimal)?|eval-stdin|f0x|login|router|setup-config|sssp|vuln|xattacker)\.php [NC] RewriteRule .* - [F,L] </IfModule> # ---------------------------------------------------------------------- # Block WordPress files from outside access # ---------------------------------------------------------------------- # No access to the install.php <files install.php> Order allow,deny Deny from all </files> # No access to the wp-config.php <files wp-config.php> Order allow,deny Deny from all </files> # No access to the readme.html <files readme.html> Order Allow,Deny Deny from all Satisfy all </Files> # No access to the liesmich.html for DE Edition <Files liesmich.html> Order Allow,Deny Deny from all Satisfy all </Files> # No error log access <files error_log> Order allow,deny Deny from all </files> #No access to the .htaccess und .htpasswd <FilesMatch "(\.htaccess|\.htpasswd)"> Order deny,allow Deny from all </FilesMatch> # Block access to includes folder <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^wp-admin/includes/ - [F,L] RewriteRule !^wp-includes/ - [S=3] RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] RewriteRule ^wp-includes/theme-compat/ - [F,L] </IfModule> # ---------------------------------------------------------------------- # | Blocking the »ReallyLongRequest« Bandit - New in 2018 # https://perishablepress.com/blocking-reallylongrequest-bandit/ # ---------------------------------------------------------------------- <IfModule mod_rewrite.c> RewriteCond %{REQUEST_METHOD} .* [NC] RewriteCond %{THE_REQUEST} (YesThisIsAReallyLongRequest|ScanningForResearchPurpose) [NC,OR] RewriteCond %{QUERY_STRING} (YesThisIsAReallyLongRequest|ScanningForResearchPurpose) [NC] RewriteRule .* - [F,L] </IfModule> # 
-------------------------------------------------------------------------------------------- # Ultimate hotlink protection - IMPORTANT: Change »?domain\« in line 361 to your domain name # Example: ?andreas-hecht\ ### if you do not use https, change https in line 361 to http # -------------------------------------------------------------------------------------------- <IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{REQUEST_FILENAME} -f RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?foto.bildermann\. [NC] RewriteRule \.(gif|jpe?g?|png)$ - [F,NC,L] </ifModule> # ---------------------------------------------------------------------- # Protect your WordPress Login with HTTP Authentification # ---------------------------------------------------------------------- # If you want to use it, comment it out and set your path to .htpasswd #<Files wp-login.php> #AuthName "Admin-Bereich" #AuthType Basic #AuthUserFile /usr/local/www/apache24/your-path/your-domain.com/.htpasswd #require valid-user #</Files> # ---------------------------------------------------------------------- # Switch off the security risk XML-RPC interface completely # ---------------------------------------------------------------------- ### @see https://digwp.com/2009/06/xmlrpc-php-security/ <Files xmlrpc.php> Order Deny,Allow Deny from all </Files> # ----------------------------------------------------------------------------- # HTTP SECURITY HEADER | Test on: https://securityheaders.com | UPDATE 2020 # ----------------------------------------------------------------------------- ### @see https://scotthelme.co.uk/hardening-your-http-response-headers ### UPDATE 2020 ## No-Referrer-Header <IfModule mod_headers.c> Header set Referrer-Policy "no-referrer" </IfModule> ## Strict Origin when cross origin Header #@see https://scotthelme.co.uk/a-new-security-header-referrer-policy/ <IfModule mod_headers.c> Header set Referrer-Policy "strict-origin-when-cross-origin" 
</IfModule> ## X-FRAME-OPTIONS-Header <IfModule mod_headers.c> Header set X-Frame-Options "sameorigin" </IfModule> ## X-XSS-PROTECTION-Header <IfModule mod_headers.c> Header set X-XSS-Protection "1; mode=block" </IfModule> ## X-Content-Type-Options-Header <IfModule mod_headers.c> Header set X-Content-Type-Options "nosniff" </IfModule> ## Strict-Transport-Security-Header - for HTTPS <IfModule mod_headers.c> Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" </IfModule> ## This prevents that false issued certificates for this website can be used unnoticed. (Experimental) ## @see https://tools.ietf.org/html/draft-ietf-httpbis-expect-ct-02 <IfModule mod_headers.c> Header set Expect-CT "enforce, max-age=21600" </IfModule> # ---------------------------------------------------------------------- # The original WordPress Rewrite Rules - Do not change anything here, # except you are using a WordPress Multisite # ---------------------------------------------------------------------- # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress
- This reply was modified 2 years, 7 months ago by Bego Mario Garde. Reason: code formatting
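The first reply names .htaccess entries as one source of a 403. The following is an added example, not part of the thread, that lists which deny directives in an .htaccess answer a given request path with 403. The sample is a constructed excerpt (one directive per line) of rules from the file posted above; the function names are hypothetical, and only `<Files>`/`<FilesMatch>` deny blocks, `RewriteCond %{REQUEST_URI}` chains ending in an `[F]` rule, and `RedirectMatch 403` are modelled.

```python
import fnmatch
import posixpath
import re

# Constructed excerpt: directives copied from the .htaccess posted above,
# laid out one per line (the forum paste had collapsed them).
SAMPLE_HTACCESS = r"""
<IfModule mod_alias.c>
RedirectMatch 403 (?i)\.php\.suspected
</IfModule>
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_URI} (_timthumb_|timthumb.php) [NC,OR]
RewriteCond %{REQUEST_URI} /(install|wp-config|xmlrpc)\.php [NC,OR]
RewriteCond %{REQUEST_URI} /(ajax_pluginconf|apikey|connector(.minimal)?|eval-stdin|f0x|login|router|setup-config|sssp|vuln|xattacker)\.php [NC]
RewriteRule .* - [F,L]
</IfModule>
<files install.php>
Order allow,deny
Deny from all
</files>
<FilesMatch "(\.htaccess|\.htpasswd)">
Order deny,allow
Deny from all
</FilesMatch>
"""

COND = re.compile(r"RewriteCond\s+%\{REQUEST_URI\}\s+(\S+)(?:\s+\[([^\]]*)\])?$", re.I)
RULE = re.compile(r"RewriteRule\s+(\S+)\s+\S+(?:\s+\[([^\]]*)\])?$", re.I)
FILES = re.compile(r'<(Files|FilesMatch)\s+"?([^">]+?)"?\s*>$', re.I)
DENY = re.compile(r"(Deny\s+from\s+all|Require\s+all\s+denied)\b", re.I)
REDIRECT = re.compile(r"RedirectMatch\s+403\s+(\S+)", re.I)


def _flags(raw):
    """Turn the text inside [...] into a set of upper-case flag names."""
    return {f.strip().upper() for f in (raw or "").split(",") if f.strip()}


def _hit(pattern, subject, nocase=False):
    """Regex test with Apache's leading '!' negation."""
    negate = pattern.startswith("!")
    if negate:
        pattern = pattern[1:]
    found = re.search(pattern, subject, re.I if nocase else 0) is not None
    return found != negate


def _chain_true(conds):
    """Apache semantics: conditions are ANDed unless joined by [OR]."""
    result, group = True, False
    for _, _, ok, has_or in conds:
        group = group or bool(ok)
        if not has_or:
            result, group = result and group, False
    return result


def find_denials(htaccess_text, path):
    """Return [(line_no, directive)] for directives that answer `path` with 403."""
    name = posixpath.basename(path)
    hits, conds, block = [], [], None
    for no, raw in enumerate(htaccess_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := REDIRECT.match(line):
            if _hit(m.group(1), path):
                hits.append((no, line))
        elif line.lower().startswith("rewritecond"):
            m = COND.match(line)
            if m:
                fl = _flags(m.group(2))
                conds.append((no, line, _hit(m.group(1), path, "NC" in fl), "OR" in fl))
            else:
                # Conditions on other variables are not modelled: treated as unmet.
                conds.append((no, line, None, False))
        elif m := RULE.match(line):
            fl = _flags(m.group(2))
            # In per-directory context the rule pattern sees no leading slash.
            if (fl & {"F", "FORBIDDEN"}
                    and _hit(m.group(1), path.lstrip("/"), "NC" in fl)
                    and _chain_true(conds)):
                hits.extend((n, t) for n, t, ok, _ in conds if ok)
                if not conds:
                    hits.append((no, line))
            conds = []
        elif m := FILES.match(line):
            kind, pat = m.group(1).lower(), m.group(2)
            matched = fnmatch.fnmatch(name, pat) if kind == "files" else _hit(pat, name)
            block = (no, line) if matched else None
        elif line.lower().startswith("</files"):
            block = None
        elif block and DENY.match(line):
            hits.append(block)
    return hits


if __name__ == "__main__":
    for probe in ("/wp-admin/install.php", "/.htaccess.bk", "/wp-login.php"):
        print(probe, "->", find_denials(SAMPLE_HTACCESS, probe) or "no deny rule matched")
```

Run against the full file, the same function would also need the other `RewriteCond` variables (query string, user agent, referrer) to give a complete picture.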
and here is the .htaccess.bk
##############################################
# GZIP compression enabled on 15.08.2021
# Gzip compression
# source: https://kinsta.com/de/blog/gzip-komprimierung-aktivieren/#wie-man-die-gzipkomprimierung-aktiviert
# and
# https://docs.wp-rocket.me/article/63-enable-gzip-compression
##############################################
# Gzip compression
<IfModule mod_deflate.c>
# Active compression
SetOutputFilter DEFLATE
# Force deflate for mangled headers
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
# Don’t compress images and other uncompressible content
SetEnvIfNoCase Request_URI \
\.(?:gif|jpe?g|png|rar|zip|exe|flv|mov|wma|mp3|avi|swf|mp?g|mp4|webm|webp|pdf)$ no-gzip dont-vary
</IfModule>
</IfModule>
# Compress all output labeled with one of the following MIME-types
<IfModule mod_filter.c>
AddOutputFilterByType DEFLATE application/atom+xml \
application/javascript \
application/json \
application/rss+xml \
application/vnd.ms-fontobject \
application/x-font-ttf \
application/xhtml+xml \
application/xml \
font/opentype \
image/svg+xml \
image/x-icon \
text/css \
text/html \
text/plain \
text/x-component \
text/xml
</IfModule>
<IfModule mod_headers.c>
Header append Vary: Accept-Encoding
</IfModule>
</IfModule>
<IfModule mod_mime.c>
AddType text/html .html_gzip
AddEncoding gzip .html_gzip
</IfModule>
<IfModule mod_setenvif.c>
SetEnvIfNoCase Request_URI \.html_gzip$ no-gzip
###############################################
# BEGIN LSCACHE
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
<IfModule LiteSpeed>
RewriteEngine on
CacheLookup on
RewriteRule .* - [E=Cache-Control:no-autoflush]
RewriteRule \.litespeed_conf\.dat - [F,L]
### marker MOBILE start ###
RewriteCond %{HTTP_USER_AGENT} Mobile|Android|Silk/|Kindle|BlackBerry|Opera\ Mini|Opera\ Mobi [NC]
RewriteRule .* - [E=Cache-Control:vary=%{ENV:LSCACHE_VARY_VALUE}+ismobile]
### marker MOBILE end ###
### marker CACHE RESOURCE start ###
RewriteRule http://foto.bildermann.de/wp-content/.*/[^/]*(responsive|css|js|dynamic|loader|fonts)\.php - [E=cache-control:max-age=3600]
### marker CACHE RESOURCE end ###
### marker FAVICON start ###
RewriteRule favicon\.ico$ - [E=cache-control:max-age=86400]
### marker FAVICON end ###
### marker WEBP start ###
RewriteCond %{HTTP_ACCEPT} "image/webp" [or]
RewriteCond %{HTTP_USER_AGENT} "Page Speed"
RewriteRule .* - [E=Cache-Control:vary=%{ENV:LSCACHE_VARY_VALUE}+webp]
RewriteCond %{HTTP_USER_AGENT} iPhone.*Version/(\d{2}).*Safari
RewriteCond %1 >13
RewriteRule .* - [E=Cache-Control:vary=%{ENV:LSCACHE_VARY_VALUE}+webp]
### marker WEBP end ###
### marker DROPQS start ###
CacheKeyModify -qs:fbclid
CacheKeyModify -qs:gclid
CacheKeyModify -qs:utm*
CacheKeyModify -qs:_ga
### marker DROPQS end ###
</IfModule>
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
# END LSCACHE
# BEGIN NON_LSCACHE
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
# END NON_LSCACHE
########################################################################
# OPTIMAL .htaccess FILE FOR SPEED AND SECURITY @Version 2.0.1 - 08/2020
# ----------------------------------------------------------------------
# @Author: Andreas Hecht
# @Author URI: https://seoagentur-hamburg.com
# License: GNU General Public License v2 or later
# License URI: http://www.gnu.org/licenses/gpl-2.0.html
########################################################################
# ----------------------------------------------------------------------
# Rewrite from HTTP to HTTPS - if you want to use it, comment it out
# ----------------------------------------------------------------------
#<IfModule mod_rewrite.c>
#RewriteEngine On
#RewriteCond %{HTTPS} !=on
#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#</IfModule>
# ----------------------------------------------------------------------
# | Activate CORS
# ----------------------------------------------------------------------
<IfModule mod_headers.c>
<FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js|gif|png|jpe?g|svg|svgz|ico|webp)$">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
</IfModule>
# -----------------------------------------------------------------------
# | 404 Fix: Block Nuisance Requests for Non-Existent Files - New in 2018
# https://perishablepress.com/block-nuisance-requests - @Update 2019
# -----------------------------------------------------------------------
<IfModule mod_alias.c>
RedirectMatch 403 (?i)\.php\.suspected
RedirectMatch 403 (?i)apple-app-site-association
RedirectMatch 403 (?i)/autodiscover/autodiscover.xml
</IfModule>
# ----------------------------------------------------------------------
# | Compressing and Caching - Version 2020 |
# ----------------------------------------------------------------------
# Serve resources with far-future expires headers.
#
# (!) If you don't control versioning with filename-based
# cache busting, you should consider lowering the cache times
# to something like one week.
#
# https://httpd.apache.org/docs/current/mod/mod_expires.html
<IfModule mod_expires.c>
ExpiresActive on
ExpiresDefault "access plus 1 month"
# CSS
ExpiresByType text/css "access plus 1 year"
# Data interchange
ExpiresByType application/atom+xml "access plus 1 hour"
ExpiresByType application/rdf+xml "access plus 1 hour"
ExpiresByType application/rss+xml "access plus 1 hour"
ExpiresByType application/json "access plus 0 seconds"
ExpiresByType application/ld+json "access plus 0 seconds"
ExpiresByType application/schema+json "access plus 0 seconds"
ExpiresByType application/vnd.geo+json "access plus 0 seconds"
ExpiresByType application/xml "access plus 0 seconds"
ExpiresByType text/xml "access plus 0 seconds"
# Favicon (cannot be renamed!) and cursor images
ExpiresByType image/vnd.microsoft.icon "access plus 1 week"
ExpiresByType image/x-icon "access plus 1 week"
# HTML - No Caching
ExpiresByType text/html "access plus 0 seconds"
# JavaScript
ExpiresByType application/javascript "access plus 1 year"
ExpiresByType application/x-javascript "access plus 1 year"
ExpiresByType text/javascript "access plus 1 year"
# Manifest files
ExpiresByType application/manifest+json "access plus 1 week"
ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
ExpiresByType text/cache-manifest "access plus 0 seconds"
# Update 2020: Google recommendation: cache duration increased to 1 year
# @see: https://web.dev/uses-long-cache-ttl/
# Media files
ExpiresByType audio/ogg "access plus 1 year"
ExpiresByType image/bmp "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType image/svg+xml "access plus 1 year"
ExpiresByType image/webp "access plus 1 year"
ExpiresByType video/mp4 "access plus 1 year"
ExpiresByType video/ogg "access plus 1 year"
ExpiresByType video/webm "access plus 1 year"
# Web fonts
# Embedded OpenType (EOT)
ExpiresByType application/vnd.ms-fontobject "access plus 1 year"
ExpiresByType font/eot "access plus 1 year"
# OpenType
ExpiresByType font/opentype "access plus 1 year"
# TrueType
ExpiresByType application/x-font-ttf "access plus 1 year"
# Web Open Font Format (WOFF) 1.0
ExpiresByType application/font-woff "access plus 1 year"
ExpiresByType application/x-font-woff "access plus 1 year"
ExpiresByType font/woff "access plus 1 year"
# Web Open Font Format (WOFF) 2.0
ExpiresByType application/font-woff2 "access plus 1 year"
# Other
ExpiresByType text/x-cross-domain-policy "access plus 1 week"
</IfModule>
<IfModule mod_deflate.c>
# Insert filters / compress text, html, javascript, css, xml:
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/vtt
AddOutputFilterByType DEFLATE text/x-component
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/js
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/x-httpd-php
AddOutputFilterByType DEFLATE application/x-httpd-fastphp
AddOutputFilterByType DEFLATE application/atom+xml
AddOutputFilterByType DEFLATE application/json
AddOutputFilterByType DEFLATE application/ld+json
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/font-woff2
AddOutputFilterByType DEFLATE application/x-font-woff
AddOutputFilterByType DEFLATE application/x-web-app-manifest+json font/woff
AddOutputFilterByType DEFLATE font/woff
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
# Exception: Images
SetEnvIfNoCase REQUEST_URI \.(?:gif|jpg|jpeg|png|svg)$ no-gzip dont-vary
# Drop problematic browsers
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
# Make sure proxies don't deliver the wrong content
Header append Vary User-Agent env=!dont-vary
</IfModule>
#Alternative caching using Apache's "mod_headers", if it's installed.
#Caching of common files - ENABLED
<IfModule mod_headers.c>
<FilesMatch "\.(ico|pdf|flv|swf|js|css|gif|png|jpg|jpeg|txt|woff2|woff)$">
Header set Cache-Control "max-age=31536000, public"
</FilesMatch>
</IfModule>
<IfModule mod_headers.c>
<FilesMatch "\.(js|css|xml|gz)$">
Header append Vary Accept-Encoding
</FilesMatch>
</IfModule>
# Set Keep Alive Header
<IfModule mod_headers.c>
Header set Connection keep-alive
</IfModule>
# If your server don't support ETags deactivate with "None" (and remove header)
<IfModule mod_expires.c>
<IfModule mod_headers.c>
Header unset ETag
</IfModule>
FileETag None
</IfModule>
<IfModule mod_headers.c>
<FilesMatch ".(js|css|xml|gz|html|woff|woff2|ttf)$">
Header append Vary: Accept-Encoding
</FilesMatch>
</IfModule>
# ----------------------------------------------------------------------
# | 7G Firewall for Security - Do not change this part @Update 2020
# ----------------------------------------------------------------------
# 7G FIREWALL v1.3 20200903
# @ https://perishablepress.com/7g-firewall/
# 7G:[CORE]
ServerSignature Off
Options -Indexes
RewriteEngine On
RewriteBase /
# 7G:[QUERY STRING]
<IfModule mod_rewrite.c>
RewriteCond %{QUERY_STRING} ([a-z0-9]{2000,}) [NC,OR]
RewriteCond %{QUERY_STRING} (/|%2f)(:|%3a)(/|%2f) [NC,OR]
RewriteCond %{QUERY_STRING} (/|%2f)(\*|%2a)(\*|%2a)(/|%2f) [NC,OR]
RewriteCond %{QUERY_STRING} ('' |<|>|\^|\|\\|0x00|%00|%0d%0a) [NC,OR]
RewriteCond %{QUERY_STRING} (cmd|command)(=|%3d)(chdir|mkdir)(.*)(x20) [NC,OR]
RewriteCond %{QUERY_STRING} (ckfinder|fullclick|ckfinder|fckeditor) [NC,OR]
RewriteCond %{QUERY_STRING} (globals|mosconfig([a-z_]{1,22})|request)(=|\[) [NC,OR]
RewriteCond %{QUERY_STRING} (/|%2f)((wp-)?config)((\.|%2e)inc)?((\.|%2e)php) [NC,OR]
RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumbs?)?)((\.|%2e)php) [NC,OR]
RewriteCond %{QUERY_STRING} (absolute_|base|root_)(dir|path)(=|%3d)(ftp|https?) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127(\.|%2e)0(\.|%2e)0(\.|%2e)1) [NC,OR]
RewriteCond %{QUERY_STRING} (s)?(ftp|inurl|php)(s)?(:(/|%2f|%u2215)(/|%2f|%u2215)) [NC,OR]
RewriteCond %{QUERY_STRING} (\.|20)(get|the)(_|%5f)(permalink|posts_page_url)(\(|%28) [NC,OR]
RewriteCond %{QUERY_STRING} ((boot|win)((\.|%2e)ini)|etc(/|%2f)passwd|self(/|%2f)environ) [NC,OR]
RewriteCond %{QUERY_STRING} (((/|%2f){3,3})|((\.|%2e){3,3})|((\.|%2e){2,2})(/|%2f|%u2215)) [NC,OR]
RewriteCond %{QUERY_STRING} (benchmark|char|exec|fopen|function|html)(.*)(\(|%28)(.*)(\)|%29) [NC,OR]
RewriteCond %{QUERY_STRING} (php)([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}) [NC,OR]
RewriteCond %{QUERY_STRING} (e|%65|%45)(v|%76|%56)(a|%61|%31)(l|%6c|%4c)(.*)(\(|%28)(.*)(\)|%29) [NC,OR]
RewriteCond %{QUERY_STRING} (/|%2f)(=|%3d|$&|_mm|cgi(\.|-)|inurl(:|%3a)(/|%2f)|(mod|path)(=|%3d)(\.|%2e)) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3c)(.*)(e|%65|%45)(m|%6d|%4d)(b|%62|%42)(e|%65|%45)(d|%64|%44)(.*)(>|%3e) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3c)(.*)(i|%69|%49)(f|%66|%46)(r|%72|%52)(a|%61|%41)(m|%6d|%4d)(e|%65|%45)(.*)(>|%3e) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3c)(.*)(o|%4f|%6f)(b|%62|%42)(j|%4a|%6a)(e|%65|%45)(c|%63|%43)(t|%74|%54)(.*)(>|%3e) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3c)(.*)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(.*)(>|%3e) [NC,OR]
RewriteCond %{QUERY_STRING} (\+|%2b|%20)(d|%64|%44)(e|%65|%45)(l|%6c|%4c)(e|%65|%45)(t|%74|%54)(e|%65|%45)(\+|%2b|%20) [NC,OR]
RewriteCond %{QUERY_STRING} (\+|%2b|%20)(i|%69|%49)(n|%6e|%4e)(s|%73|%53)(e|%65|%45)(r|%72|%52)(t|%74|%54)(\+|%2b|%20) [NC,OR]
RewriteCond %{QUERY_STRING} (\+|%2b|%20)(s|%73|%53)(e|%65|%45)(l|%6c|%4c)(e|%65|%45)(c|%63|%43)(t|%74|%54)(\+|%2b|%20) [NC,OR]
RewriteCond %{QUERY_STRING} (\+|%2b|%20)(u|%75|%55)(p|%70|%50)(d|%64|%44)(a|%61|%41)(t|%74|%54)(e|%65|%45)(\+|%2b|%20) [NC,OR]
RewriteCond %{QUERY_STRING} (\\x00|(\"|%22|\'|%27)?0(\"|%22|\'|%27)?(=|%3d)(\"|%22|\'|%27)?0|cast(\(|%28)0x|or%201(=|%3d)1) [NC,OR]
RewriteCond %{QUERY_STRING} (g|%67|%47)(l|%6c|%4c)(o|%6f|%4f)(b|%62|%42)(a|%61|%41)(l|%6c|%4c)(s|%73|%53)(=|[|%[0-9A-Z]{0,2}) [NC,OR]
RewriteCond %{QUERY_STRING} (_|%5f)(r|%72|%52)(e|%65|%45)(q|%71|%51)(u|%75|%55)(e|%65|%45)(s|%73|%53)(t|%74|%54)(=|[|%[0-9A-Z]{2,}) [NC,OR]
RewriteCond %{QUERY_STRING} (j|%6a|%4a)(a|%61|%41)(v|%76|%56)(a|%61|%31)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(:|%3a)(.*)(;|%3b|\)|%29) [NC,OR]
RewriteCond %{QUERY_STRING} (b|%62|%42)(a|%61|%41)(s|%73|%53)(e|%65|%45)(6|%36)(4|%34)(_|%5f)(e|%65|%45|d|%64|%44)(e|%65|%45|n|%6e|%4e)(c|%63|%43)(o|%6f|%4f)(d|%64|%44)(e|%65|%45)(.*)(\()(.*)(\)) [NC,OR]
RewriteCond %{QUERY_STRING} (@copy|\$_(files|get|post)|allow_url_(fopen|include)|auto_prepend_file|blexbot|browsersploit|(c99|php)shell|curl(_exec|test)|disable_functions?|document_root|elastix|encodeuricom|exploit|fclose|fgets|file_put_contents|fputs|fsbuff|fsockopen|gethostbyname|grablogin|hmei7|input_file|null|open_basedir|outfile|passthru|phpinfo|popen|proc_open|quickbrute|remoteview|root_path|safe_mode|shell_exec|site((.){0,2})copier|sux0r|trojan|user_func_array|wget|xertive) [NC,OR]
RewriteCond %{QUERY_STRING} (;|<|>|\'|\"|\)|%0a|%0d|%22|%27|%3c|%3e|%00)(.*)(/\*|alter|base64|benchmark|cast|char|concat|convert|create|encode|declare|delete|drop|insert|md5|order|request|script|select|set|union|update) [NC,OR]
RewriteCond %{QUERY_STRING} ((\+|%2b)(concat|delete|get|select|union)(\+|%2b)) [NC,OR]
RewriteCond %{QUERY_STRING} (union)(.*)(select)(.*)(\(|%28) [NC,OR]
RewriteCond %{QUERY_STRING} (concat)(.*)(\(|%28) [NC]
RewriteRule .* - [F,L]
# RewriteRule .* /7G_log.php?log [END,NE,E=7G_QUERY_STRING:%1___%2___%3]
</IfModule>
# 7G:[REQUEST URI]
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_URI} ([a-z0-9]{2000,}) [NC,OR]
RewriteCond %{REQUEST_URI} (=?\\(\'|%27)/?)(\.) [NC,OR]
RewriteCond %{REQUEST_URI} (\^|''|<|>|%|\\|\{|\}|\|) [NC,OR]
RewriteCond %{REQUEST_URI} (/)(\*|\"|\'|\.|,|&|&?)/?$ [NC,OR]
RewriteCond %{REQUEST_URI} (\.)(php)(\()?([0-9]+)(\))?(/)?$ [NC,OR]
RewriteCond %{REQUEST_URI} (/)(vbulletin|boards|vbforum)(/)? [NC,OR]
RewriteCond %{REQUEST_URI} (\.(s?ftp-?)config|(s?ftp-?)config\.) [NC,OR]
RewriteCond %{REQUEST_URI} (\{0\}|\"?0\"?=\"?0|\(/\(|\.\.\.|\+\+\+|\\\") [NC,OR]
RewriteCond %{REQUEST_URI} (thumbs?(_editor|open)?|tim(thumbs?)?)(\.php) [NC,OR]
RewriteCond %{REQUEST_URI} (/)(fck|ckfinder|fullclick|ckfinder|fckeditor) [NC,OR]
RewriteCond %{REQUEST_URI} (\.|20)(get|the)(_)(permalink|posts_page_url)(\() [NC,OR]
RewriteCond %{REQUEST_URI} (///|\?\?|/&&|/\*(.*)\*/|/:/|\\\\|0x00|%00|%0d%0a) [NC,OR]
RewriteCond %{REQUEST_URI} (/%7e)(root|ftp|bin|nobody|named|guest|logs|sshd)(/) [NC,OR]
RewriteCond %{REQUEST_URI} (/)(etc|var)(/)(hidden|secret|shadow|ninja|passwd|tmp)(/)?$ [NC,OR]
RewriteCond %{REQUEST_URI} (s)?(ftp|http|inurl|php)(s)?(:(/|%2f|%u2215)(/|%2f|%u2215)) [NC,OR]
RewriteCond %{REQUEST_URI} (/)(=|\$&?|&?(pws|rk)=0|_mm|_vti_|cgi(\.|-)?|(=|/|;|,)nt\.) [NC,OR]
RewriteCond %{REQUEST_URI} (\.)(ds_store|htaccess|htpasswd|init?|mysql-select-db)(/)?$ [NC,OR]
RewriteCond %{REQUEST_URI} (/)(bin)(/)(cc|chmod|chsh|cpp|echo|id|kill|mail|nasm|perl|ping|ps|python|tclsh)(/)?$ [NC,OR]
RewriteCond %{REQUEST_URI} (/)(::[0-9999]|%3a%3a[0-9999]|127\.0\.0\.1|localhost|loopback|makefile|pingserver|wwwroot)(/)? [NC,OR]
RewriteCond %{REQUEST_URI} (\(null\)|\{\$itemURL\}|cAsT\(0x|echo(.*)kae|etc/passwd|eval\(|self/environ|\+union\+all\+select) [NC,OR]
RewriteCond %{REQUEST_URI} (/)(awstats|(c99|php|web)shell|document_root|error_log|listinfo|muieblack|remoteview|site((.){0,2})copier|sqlpatch|sux0r) [NC,OR]
RewriteCond %{REQUEST_URI} (/)((php|web)?shell|crossdomain|fileditor|locus7|nstview|php(get|remoteview|writer)|r57|remview|sshphp|storm7|webadmin)(.*)(\.|\() [NC,OR]
RewriteCond %{REQUEST_URI} (/)(author-panel|bitrix|class|database|(db|mysql)-?admin|filemanager|htdocs|httpdocs|https?|mailman|mailto|msoffice|mysql|_?php-?my-?admin(.*)|tmp|undefined|usage|var|vhosts|webmaster|www)(/) [NC,OR]
RewriteCond %{REQUEST_URI} (\.)(7z|ab4|afm|aspx?|bash|ba?k?|bz2|cfg|cfml?|cgi|ctl|dat|db|dll|eml|et2|exe|fec|fla|hg|inc|ini|inv|jsp|log|lqd|mbf|mdb|mmw|mny|old|one|out|passwd|pdb|pl|psd|pst|ptdb|pwd|py|qbb|qdf|rar|rdf|sdb|sql|sh|soa|swf|swl|swp|stx|tar|tax|tgz|tls|tmd|wow|zlib)$ [NC,OR]
RewriteCond %{REQUEST_URI} (base64_(en|de)code|benchmark|child_terminate|curl_exec|e?chr|eval|function|fwrite|(f|p)open|html|leak|passthru|p?fsockopen|phpinfo|posix_(kill|mkfifo|setpgid|setsid|setuid)|proc_(close|get_status|nice|open|terminate)|(shell_)?exec|system)(.*)(\()(.*)(\)) [NC,OR]
RewriteCond %{REQUEST_URI} (/)(^$|00.temp00|0day|3xp|70bex?|admin_events|bkht|(php|web)?shell|configbak|curltest|db|dompdf|filenetworks|hmei7|index\.php/index\.php/index|jahat|kcrew|keywordspy|mobiquo|mysql|nessus|php-?info|racrew|sql|vuln|webconfig|(wp-)?conf(ig)?(uration)?|xertive)(\.php) [NC]
RewriteRule .* - [F,L]
# RewriteRule .* /7G_log.php?log [END,NE,E=7G_REQUEST_URI:%1___%2___%3]
</IfModule>
# 7G:[USER AGENT]
<IfModule mod_rewrite.c>
RewriteCond %{HTTP_USER_AGENT} ([a-z0-9]{2000,}) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (<|%0a|%0d|%27|%3c|%3e|%00|0x00) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ((c99|php|web)shell|remoteview|site((.){0,2})copier) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (base64_decode|bin/bash|disconnect|eval|lwp-download|unserialize|\\\x22) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (360Spider|acapbot|acoonbot|ahrefs|alexibot|asterias|attackbot|backdorbot|becomebot|binlar|blackwidow|blekkobot|blexbot|blowfish|bullseye|bunnys|butterfly|careerbot|casper|checkpriv|cheesebot|cherrypick|chinaclaw|choppy|clshttp|cmsworld|copernic|copyrightcheck|cosmos|crescent|cy_cho|datacha|demon|diavol|discobot|dittospyder|dotbot|dotnetdotcom|dumbot|emailcollector|emailsiphon|emailwolf|exabot|extract|eyenetie|feedfinder|flaming|flashget|flicky|foobot|g00g1e|getright|gigabot|go-ahead-got|gozilla|grabnet|grafula|harvest|heritrix|httrack|icarus6j|jetbot|jetcar|jikespider|kmccrew|leechftp|libweb|linkextractor|linkscan|linkwalker|loader|masscan|miner|majestic|mechanize|mj12bot|morfeus|moveoverbot|netmechanic|netspider|nicerspro|nikto|ninja|nutch|octopus|pagegrabber|planetwork|postrank|proximic|purebot|pycurl|python|queryn|queryseeker|radian6|radiation|realdownload|rogerbot|scooter|seekerspider|semalt|siclab|sindice|sistrix|sitebot|siteexplorer|sitesnagger|skygrid|smartdownload|snoopy|sosospider|spankbot|spbot|sqlmap|stackrambler|stripper|sucker|surftbot|sux0r|suzukacz|suzuran|takeout|teleport|telesoft|true_robots|turingos|turnit|vampire|vikspider|voideye|webleacher|webreaper|webstripper|webvac|webviewer|webwhacker|winhttp|wwwoffle|woxbot|xaldon|xxxyy|yamanalab|yioopbot|youda|zeus|zmeu|zune|zyborg) [NC]
RewriteRule .* - [F,L]
# RewriteRule .* /7G_log.php?log [END,NE,E=7G_USER_AGENT:%1]
</IfModule>
# 7G:[REMOTE HOST]
<IfModule mod_rewrite.c>
RewriteCond %{REMOTE_HOST} (163data|amazonaws|colocrossing|crimea|g00g1e|justhost|kanagawa|loopia|masterhost|onlinehome|poneytel|sprintdatacenter|reverse.softlayer|safenet|ttnet|woodpecker|wowrack) [NC]
RewriteRule .* - [F,L]
# RewriteRule .* /7G_log.php?log [END,NE,E=7G_REMOTE_HOST:%1]
</IfModule>
# 7G:[HTTP REFERRER]
<IfModule mod_rewrite.c>
RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC,OR]
RewriteCond %{HTTP_REFERER} (ambien|blue\spill|cocaine|ejaculat|erectile|erections|hoodia|huronriveracres|impotence|levitra|libido|lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby|ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo) [NC]
RewriteRule .* - [F,L]
# RewriteRule .* /7G_log.php?log [END,NE,E=7G_HTTP_REFERRER:%1]
</IfModule>
# 7G:[REQUEST METHOD]
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_METHOD} ^(connect|debug|move|trace|track) [NC]
RewriteRule .* - [F,L]
# RewriteRule .* /7G_log.php?log [END,NE,E=7G_REQUEST_METHOD:%1]
</IfModule>
#################################################################
# 7G Addon: Stop Aggressive Scanning for Uploads-Related Targets
# https://perishablepress.com/stop-aggressive-scanning-uploads/
#################################################################
<IfModule mod_rewrite.c>
# RewriteCond %{REQUEST_URI} /php(unit)?/ [NC,OR]
# RewriteCond %{REQUEST_URI} \.(aspx?|env|git(ignore)?|phtml|rar|well-known) [NC,OR]
# RewriteCond %{REQUEST_URI} /(cms|control_panel|dashboard|home_url=|lr-admin|manager|panel|staff|webadmin) [NC,OR]
# RewriteCond %{REQUEST_URI} /(adm(in)?|blog|cache|checkout|controlpanel|ecommerce|export|magento(-1|web)?|market(place)?|mg|onli(n|k)e|orders?|shop|tmplconnector|uxm|web?store)/ [NC,OR]
RewriteCond %{REQUEST_URI} (_timthumb_|timthumb.php) [NC,OR]
RewriteCond %{REQUEST_URI} /(install|wp-config|xmlrpc)\.php [NC,OR]
RewriteCond %{REQUEST_URI} /(uploadify|uploadbg|up__uzegp)\.php [NC,OR]
RewriteCond %{REQUEST_URI} /(comm\.js|mysql-date-function|simplebootadmin|vuln\.htm|www\.root\.) [NC,OR]
RewriteCond %{REQUEST_URI} /(admin-uploadify|fileupload|jquery-file-upload|upload_file|upload|uploadify|webforms)/ [NC,OR]
RewriteCond %{REQUEST_URI} /(ajax_pluginconf|apikey|connector(.minimal)?|eval-stdin|f0x|login|router|setup-config|sssp|vuln|xattacker)\.php [NC]
RewriteRule .* - [F,L]
</IfModule>
# ----------------------------------------------------------------------
# Block WordPress files from outside access
# ----------------------------------------------------------------------
# No access to the install.php
<files install.php>
Order allow,deny
Deny from all
</files>
# No access to the wp-config.php
<files wp-config.php>
Order allow,deny
Deny from all
</files>
# No access to the readme.html
<files readme.html>
Order Allow,Deny
Deny from all
Satisfy all
</Files>
# No access to the liesmich.html for DE Edition
<Files liesmich.html>
Order Allow,Deny
Deny from all
Satisfy all
</Files>
# No error log access
<files error_log>
Order allow,deny
Deny from all
</files>
#No access to the .htaccess and .htpasswd
<FilesMatch "(\.htaccess|\.htpasswd)">
Order deny,allow
Deny from all
</FilesMatch>
# Block access to includes folder
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
# ----------------------------------------------------------------------
# | Blocking the »ReallyLongRequest« Bandit - New in 2018
# https://perishablepress.com/blocking-reallylongrequest-bandit/
# ----------------------------------------------------------------------
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_METHOD} .* [NC]
RewriteCond %{THE_REQUEST} (YesThisIsAReallyLongRequest|ScanningForResearchPurpose) [NC,OR]
RewriteCond %{QUERY_STRING} (YesThisIsAReallyLongRequest|ScanningForResearchPurpose) [NC]
RewriteRule .* - [F,L]
</IfModule>
# --------------------------------------------------------------------------------------------
# Ultimate hotlink protection - IMPORTANT: Change »?domain\« in line 361 to your domain name
# Example: ?andreas-hecht\ ### if you do not use https, change https in line 361 to http
# --------------------------------------------------------------------------------------------
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?foto.bildermann\. [NC]
RewriteRule \.(gif|jpe?g?|png)$ - [F,NC,L]
</ifModule>
# ----------------------------------------------------------------------
# Protect your WordPress Login with HTTP Authentification
# ----------------------------------------------------------------------
# If you want to use it, comment it out and set your path to .htpasswd
#<Files wp-login.php>
#AuthName "Admin-Bereich"
#AuthType Basic
#AuthUserFile /usr/local/www/apache24/your-path/your-domain.com/.htpasswd
#require valid-user
#</Files>
# ----------------------------------------------------------------------
# Switch off the security risk XML-RPC interface completely
# ----------------------------------------------------------------------
### @see https://digwp.com/2009/06/xmlrpc-php-security/
<Files xmlrpc.php>
Order Deny,Allow
Deny from all
</Files>
# -----------------------------------------------------------------------------
# HTTP SECURITY HEADER | Test on: https://securityheaders.com | UPDATE 2020
# -----------------------------------------------------------------------------
### @see https://scotthelme.co.uk/hardening-your-http-response-headers
### UPDATE 2020
## No-Referrer-Header
<IfModule mod_headers.c>
Header set Referrer-Policy "no-referrer"
</IfModule>
## Strict Origin when cross origin Header
#@see https://scotthelme.co.uk/a-new-security-header-referrer-policy/
<IfModule mod_headers.c>
Header set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>
## X-FRAME-OPTIONS-Header
<IfModule mod_headers.c>
Header set X-Frame-Options "sameorigin"
</IfModule>
## X-XSS-PROTECTION-Header
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
</IfModule>
## X-Content-Type-Options-Header
<IfModule mod_headers.c>
Header set X-Content-Type-Options "nosniff"
</IfModule>
## Strict-Transport-Security-Header - for HTTPS
<IfModule mod_headers.c>
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</IfModule>
## This prevents that false issued certificates for this website can be used unnoticed. (Experimental)
## @see https://tools.ietf.org/html/draft-ietf-httpbis-expect-ct-02
<IfModule mod_headers.c>
Header set Expect-CT "enforce, max-age=21600"
</IfModule>
# ----------------------------------------------------------------------
# The original WordPress Rewrite Rules - Do not change anything here,
# except you are using a WordPress Multisite
# ----------------------------------------------------------------------
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

I had not expected the files to be so long and first had to format them a little. I hope nothing got mixed up in the process, but apart from the file name the files appear to be identical.
Essentially these are entries from the cache plugin and the security plugin that you use. I would assume that the entries from the security plugin are too restrictive.
To get the website running again at all, I would rename .htaccess to no.htaccess and rename the directory of the plugin with the “7G Firewall for Security” in the wp-content/plugins directory. You should then be able to get into the backend again, and under Settings > Permalinks you can first create a new .htaccess with the necessary permalink settings. After that I would reinstall and set up the cache plugin and finally, provided you want to keep using this security plugin, reinstall the 7G Firewall for Security plugin and choose the settings with great care.
I am a little short of time to go through the rules in the .htaccess one by one; that is over 600 lines of code, after all.
One more note: I don't know this security plugin, but it is quite possible that changes were also made to wp-config.php. If you cannot get into the backend after renaming the .htaccess, you should check that as well.

Thank you very much.
“I would assume that the entries from the security plugin are too restrictive.”
Until recently the website and the login to the backend worked flawlessly. I also use exactly this .htaccess without problems for three other WP websites.
“and finally, provided you want to keep using this security plugin, reinstall the 7G Firewall for Security plugin”
I do not use a plugin called “Plugin 7G Firewall for Security”, but “NinjaFirewall (WP Edition)”. However, I can no longer find NinjaFirewall in the plugin folder, which is a mystery to me!

Why not ask the web host?
It is quite possible that they use their own firewall plugin on the one hand, and on the other hand I also know of cases where web hosts removed plugins because they put too much load on the server or had security vulnerabilities.
For reasons, I do not use any security plugins at all. Maybe Hans-Gerd can give you a tip on Ninja Firewall. As far as I know, @hage uses the plugin himself.

Thanks for the tip. I will call “all-inkl”.

I have just removed everything from the .htaccess except for the bare essentials, see
# ----------------------------------------------------------------------
# The original WordPress Rewrite Rules - Do not change anything here,
# except you are using a WordPress Multisite
# ----------------------------------------------------------------------
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
The error persists …

“Maybe Hans-Gerd can give you a tip on Ninja Firewall.”
Tonight Marc Nilius is giving a talk on Ninja Firewall at WP Meetup Dresden. I will ask him about it …

Please share the contents of wp-config.php.
Before submitting, please delete the database credentials and the SALT keys.
Unfortunately we still do not have a link to the website …
Have you checked whether the database tables still exist?

Hello @zittau,
I cannot imagine that the problem was caused by the NinjaFirewall plugin. That does indeed sound more like an error in wp-config.php. So it would indeed be good if you posted the contents of the file here (without the database credentials and SALT keys). Also take a look via phpMyAdmin to see whether the database still exists with all the necessary tables.
Best regards
Hans-Gerd

Since I will not find any more time for this today, I have put a notice in the index.html for the interim and set up a redirect here from the affected subdomain to my main site.
I will get back to you tomorrow (Tuesday) at the earliest.
Thanks for the help with the tips,
Karl

“… I have put a notice in the index.html for the interim and set up a redirect here from the affected subdomain …”
For a moment I held my breath because I thought you had redirected “to here” (i.e. to this place). “My website is broken, support will explain the details …” 😀
Let's see whether we can help you further tomorrow.

Hello,
now, while troubleshooting and trying to fix the error, I have produced a nice “500 Internal Server Error” for myself and no longer really know how to go on …
Here is my wp-config.php
<?php
define( 'WP_CACHE', true );
/**
 * The base configurations of the WordPress.
 *
 * This file has the following configurations: MySQL settings, Table Prefix,
 * Secret Keys, WordPress Language, and ABSPATH. You can find more information by
 * visiting {@link http://codex.wordpress.org/Editing_wp-config.php Editing
 * wp-config.php} Codex page. You can get the MySQL settings from your web host.
 *
 * This file is used by the wp-config.php creation script during the
 * installation. You don't have to use the web site, you can just copy this file
 * to "wp-config.php" and fill in the values.
 *
 * @package WordPress
 */
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'geheim');
/** MySQL database username */
define('DB_USER', 'geheim');
/** MySQL database password */
define('DB_PASSWORD', 'geheim');
/** MySQL hostname */
define('DB_HOST', 'localhost');
/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');
/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');
/**#@+
 * Security keys
 *
 * Change each placeholder text below to an arbitrary string,
 * ideally one that is used only once.
 * On the page {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * you can have all the keys generated for you.
 * You can change the keys again at any time; all logged-in
 * users then have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY', 'geheim');
define('SECURE_AUTH_KEY', 'geheim');
define('LOGGED_IN_KEY', 'geheim');
define('NONCE_KEY', 'geheim');
define('AUTH_SALT', 'geheim');
define('SECURE_AUTH_SALT', 'geheim');
define('LOGGED_IN_SALT', 'geheim');
define('NONCE_SALT', 'geheim');
/**#@-*/
/**
 * WordPress Database Table prefix.
 *
 * You can have multiple installations in one database if you give each a unique
 * prefix. Only numbers, letters, and underscores please!
 */
$table_prefix = 'wp_';
/**
 * WordPress Localized Language, defaults to English.
 *
 * Change this to localize WordPress. A corresponding MO file for the chosen
 * language must be installed to wp-content/languages. For example, install
 * de.mo to wp-content/languages and set WPLANG to 'de' to enable German
 * language support.
 */
define ('WPLANG', 'de_DE');
define ('FS_METHOD', 'direct');
define('WP_DEBUG', false);
/**
//--- disable auto upgrade
define( 'AUTOMATIC_UPDATER_DISABLED', true );
*/
/**
To enable automatic updates for major versions or for development purposes, it is best to use the constant WP_AUTO_UPDATE_CORE. Three different ways of defining this constant make it possible to enable or disable different types of core updates across the board at once.
- Value true - updates of development, minor and major versions are all enabled
- Value false - updates of development, minor and major versions are all disabled
- Value minor - updates of minor versions are enabled, development and major versions on the other hand are disabled
Source: https://codex.wordpress.org/de:Automatische_Hintergrund_Updates_einstellen
*/
define ('WP_AUTO_UPDATE_CORE', true);
/* #######################################################################
Added by me on 12.11.2017: switch off FILE EDITING in the dashboard
####################################################################### */
define('DISALLOW_FILE_EDIT', true);
/* That's all, stop editing! Happy blogging. */
/** WordPress absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');
Here is the subdomain for it: https://foto.bildermann.de/
- The topic “Page and login blocked with ‘Forbidden’” is closed to new replies.
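
Added example, not part of the thread and not code from any of the plugins mentioned: a small Python checker that lists which directives in a .htaccess answer a given URL path with 403, so a 600-line file does not have to be read rule by rule. It is a simplified reading of Apache's behaviour (only `RewriteCond` on `REQUEST_URI`, `RewriteRule` with the `F` flag, `<Files>`/`<FilesMatch>` blocks containing `Deny from all`, and `RedirectMatch 403`); the function names are assumptions, and the sample is a constructed excerpt of rules copied from the file posted above.

```python
import fnmatch
import posixpath
import re

# Constructed excerpt: rule groups copied from the .htaccess posted in the thread.
SAMPLE_HTACCESS = r"""<IfModule mod_alias.c>
RedirectMatch 403 (?i)\.php\.suspected
</IfModule>
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_URI} (_timthumb_|timthumb.php) [NC,OR]
RewriteCond %{REQUEST_URI} /(install|wp-config|xmlrpc)\.php [NC,OR]
RewriteCond %{REQUEST_URI} /(uploadify|uploadbg|up__uzegp)\.php [NC]
RewriteRule .* - [F,L]
</IfModule>
<files install.php>
Order allow,deny
Deny from all
</files>
<Files xmlrpc.php>
Order Deny,Allow
Deny from all
</Files>
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress"""

COND_RE = re.compile(r"^RewriteCond\s+(\S+)\s+(.+?)(?:\s+\[([^\]]*)\])?$", re.I)
RULE_RE = re.compile(r"^RewriteRule\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?$", re.I)
FILES_RE = re.compile(r"^<(Files|FilesMatch)\s+(.+?)>$", re.I)
DENY_RE = re.compile(r"^(Deny\s+from\s+all|Require\s+all\s+denied)$", re.I)


def _flags(raw):
    """Split a '[NC,OR]' flag list into an upper-cased set."""
    return {f.strip().upper() for f in (raw or "").split(",") if f.strip()}


def _search(pattern, subject, nocase=False):
    """Regex test honouring Apache's leading '!' negation; bad patterns never match."""
    negate = pattern.startswith("!")
    try:
        hit = re.search(pattern[1:] if negate else pattern, subject,
                        re.I if nocase else 0)
    except re.error:
        return False
    return (hit is None) if negate else (hit is not None)


def _conds_match(conds, url_path):
    """[OR] joins a condition with the next one; the resulting groups are ANDed.
    Conditions on variables other than REQUEST_URI are treated as not matching,
    so only denials driven by the path itself are reported."""
    overall, group = True, False
    for var, pattern, flags in conds:
        ok = var.upper() == "%{REQUEST_URI}" and _search(pattern, url_path, "NC" in flags)
        group = group or ok
        if "OR" not in flags:
            overall, group = overall and group, False
    return overall


def find_403_rules(htaccess_text, url_path):
    """Return [(line_number, directive)] for directives that would answer url_path with 403."""
    hits, conds, files_block = [], [], None
    basename = posixpath.basename(url_path)
    for lineno, raw in enumerate(htaccess_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := COND_RE.match(line):
            conds.append((m.group(1), m.group(2), _flags(m.group(3))))
        elif m := RULE_RE.match(line):
            flags = _flags(m.group(3))
            # In .htaccess context the rule pattern sees the path without the leading slash.
            if (flags & {"F", "FORBIDDEN"}
                    and _search(m.group(1), url_path.lstrip("/"), "NC" in flags)
                    and _conds_match(conds, url_path)):
                hits.append((lineno, line))
            conds = []  # conditions only apply to the rule that follows them
        elif m := FILES_RE.match(line):
            files_block = (m.group(1).lower(), m.group(2).strip().strip('"'))
        elif line.lower() in ("</files>", "</filesmatch>"):
            files_block = None
        elif files_block and DENY_RE.match(line):
            kind, arg = files_block
            matched = (_search(arg, basename) if kind == "filesmatch"
                       else fnmatch.fnmatchcase(basename, arg))
            if matched:
                hits.append((lineno, f"<{kind} {arg}>: {line}"))
        elif line.lower().startswith("redirectmatch 403 "):
            if _search(line.split(None, 2)[2], url_path):
                hits.append((lineno, line))
    return hits


if __name__ == "__main__":
    for number, directive in find_403_rules(SAMPLE_HTACCESS, "/wp-admin/install.php"):
        print(f"line {number}: {directive}")
```

Run against the full file instead of the excerpt, the same function shows every rule that has to be ruled out for a path such as /wp-admin/install.php before looking further at wp-config.php or the database.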