Site and login blocked with "Forbidden"

  • Resolved Karl

    (@zittau)


    Hello,

    instead of the page, this error message is displayed:

    Forbidden
    You don’t have permission to access this resource.

    In the address bar, this entry automatically appears after my domain:

    /wp-admin/install.php

    The same is displayed automatically when opening wp-admin.

    In the installation folder there is additionally a file ".htaccess.bk", which does not come from me.

    What could be a possible cause of the error, please?

    Thanks, Karl

  • The error message "403 – Forbidden" means that access to the file or directory you want to view is blocked, either by an entry in the .htaccess or by an incorrectly set file permission. An obvious explanation would be that you tried to apply security settings and made a mistake in the process.

    If a request to a WordPress installation is redirected to the file wp-admin/install.php, WordPress assumes that the installation has not yet been carried out. This is the case, for example, when the database tables cannot be accessed.

    With a URL to the website, this can be clarified less theoretically. Please read again: Why a link to your website is important

    Regarding your subsequent mention: Please post the contents of .htaccess and .htaccess.bk.

    .bk is actually a file extension of Adobe Framemaker, but may also have been used for a "backup". Sometimes web hosts change files quite arbitrarily when the server is excessively loaded or malware has been detected. It may well be that the web host made a change here and saved the old version. (Not a good idea, because I could output a .bk file in the browser if the file extension has not been specifically secured.)
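
One way to narrow down which `.htaccess` entry answers a given path with 403, as the reply above describes (added example, not code from the thread; `find_403_rules` and the sample file are constructed for illustration, and only rules that decide on the request path are evaluated):

```python
import fnmatch
import posixpath
import re

# Constructed sample, shaped like common WordPress hardening templates.
SAMPLE_HTACCESS = r"""# constructed sample .htaccess
<IfModule mod_alias.c>
RedirectMatch 403 (?i)\.php\.suspected
</IfModule>
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_URI} (_timthumb_|timthumb.php) [NC,OR]
RewriteCond %{REQUEST_URI} /(install|wp-config|xmlrpc)\.php [NC]
RewriteRule .* - [F,L]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
</IfModule>
<Files install.php>
Order allow,deny
Deny from all
</Files>
<FilesMatch "(\.htaccess|\.htpasswd)">
Require all denied
</FilesMatch>
"""

FILES_OPEN = re.compile(r'^<(Files|FilesMatch)\s+(~\s+)?"?(.+?)"?\s*>$', re.I)
FILES_CLOSE = re.compile(r'^</Files(Match)?\s*>$', re.I)
DENY = re.compile(r'^(deny\s+from\s+all|require\s+all\s+denied)$', re.I)
COND = re.compile(r'^RewriteCond\s+(\S+)\s+(.+?)(?:\s+\[([^\]]*)\])?\s*$', re.I)
RULE = re.compile(r'^RewriteRule\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?\s*$', re.I)
REDIRECT = re.compile(r'^RedirectMatch\s+403\s+(\S+)$', re.I)


def _flags(raw):
    """Turn '[NC,OR]' contents into a set of upper-case flag names."""
    return {f.strip().upper() for f in (raw or "").split(",") if f.strip()}


def _regex_hit(pattern, subject, nocase=False):
    """Apply an Apache-style pattern (optional leading '!') to subject.
    Returns False when Python's re cannot compile the pattern."""
    pattern = pattern.strip('"')
    negate = pattern.startswith("!")
    if negate:
        pattern = pattern[1:]
    try:
        found = re.search(pattern, subject, re.I if nocase else 0)
    except re.error:
        return False
    return (found is None) if negate else (found is not None)


def _conds_hold(conds, url_path):
    """RewriteCond lines are ANDed; [OR] chains a line to the next one.
    Only %{REQUEST_URI} tests are evaluated. Any other variable counts as
    'not matched', so a hit means the path alone triggers the rule."""
    group = False
    for test, pat, raw_flags in conds:
        flags = _flags(raw_flags)
        if test.upper() == "%{REQUEST_URI}":
            group = group or _regex_hit(pat, url_path, "NC" in flags)
        if "OR" not in flags:
            if not group:
                return False
            group = False
    return True


def find_403_rules(htaccess_text, url_path):
    """Return (line_number, directive) for each entry that forbids url_path."""
    name = posixpath.basename(url_path)
    hits, conds, section = [], [], None
    for no, raw in enumerate(htaccess_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = FILES_OPEN.match(line)
        if m:
            kind, tilde, pat = m.groups()
            if kind.lower() == "filesmatch" or tilde:
                matches = _regex_hit(pat, name)
            else:  # plain <Files> uses shell-style wildcards
                matches = fnmatch.fnmatchcase(name, pat)
            section = (no, line, matches)
        elif FILES_CLOSE.match(line):
            section = None
        elif DENY.match(line):
            if section and section[2]:
                hits.append((section[0], section[1]))
        elif REDIRECT.match(line):
            if _regex_hit(REDIRECT.match(line).group(1), url_path):
                hits.append((no, line))
        elif COND.match(line):
            conds.append(COND.match(line).groups())
        elif RULE.match(line):
            pat, _subst, raw_flags = RULE.match(line).groups()
            flags = _flags(raw_flags)
            # In .htaccess the rule pattern sees the path without leading "/".
            if (flags & {"F", "FORBIDDEN"}
                    and _regex_hit(pat, url_path.lstrip("/"), "NC" in flags)
                    and _conds_hold(conds, url_path)):
                hits.append((no, line))
            conds = []  # conditions apply only to the next RewriteRule
    return hits


if __name__ == "__main__":
    for no, directive in find_403_rules(SAMPLE_HTACCESS, "/wp-admin/install.php"):
        print(f"line {no}: {directive}")
```

Conditions on other variables (user agent, query string, remote host) and flags such as `[S=n]` are not modelled, so an empty result does not clear the `.htaccess`; file permissions remain the other cause named above.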

    Thread starter Karl

    (@zittau)

    @pixolin

    Thanks.

    here is the .htaccess:
    ###########################

    
    ##############################################
    # GZIP compression enabled on 15.08.2021
    # Gzip compression
    # source: https://kinsta.com/de/blog/gzip-komprimierung-aktivieren/#wie-man-die-gzipkomprimierung-aktiviert
    # and
    # https://docs.wp-rocket.me/article/63-enable-gzip-compression
    ##############################################
    
    # Gzip compression
    <IfModule mod_deflate.c>
    # Active compression
    SetOutputFilter DEFLATE
    # Force deflate for mangled headers
    <IfModule mod_setenvif.c>
    <IfModule mod_headers.c>
    SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
    RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
    # Don’t compress images and other uncompressible content
    SetEnvIfNoCase Request_URI \
    \.(?:gif|jpe?g|png|rar|zip|exe|flv|mov|wma|mp3|avi|swf|mp?g|mp4|webm|webp|pdf)$ no-gzip dont-vary
    </IfModule>
    </IfModule>
    # Compress all output labeled with one of the following MIME-types
    <IfModule mod_filter.c>
    AddOutputFilterByType DEFLATE application/atom+xml \
    		                          application/javascript \
    		                          application/json \
    		                          application/rss+xml \
    		                          application/vnd.ms-fontobject \
    		                          application/x-font-ttf \
    		                          application/xhtml+xml \
    		                          application/xml \
    		                          font/opentype \
    		                          image/svg+xml \
    		                          image/x-icon \
    		                          text/css \
    		                          text/html \
    		                          text/plain \
    		                          text/x-component \
    		                          text/xml
    </IfModule>
    <IfModule mod_headers.c>
    Header append Vary: Accept-Encoding
    </IfModule>
    </IfModule>
    <IfModule mod_mime.c>
    AddType text/html .html_gzip
    AddEncoding gzip .html_gzip
    </IfModule>
    <IfModule mod_setenvif.c>
    SetEnvIfNoCase Request_URI \.html_gzip$ no-gzip
    
    ###############################################
    
    # BEGIN LSCACHE
    ## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
    <IfModule LiteSpeed>
    RewriteEngine on
    CacheLookup on
    RewriteRule .* - [E=Cache-Control:no-autoflush]
    RewriteRule \.litespeed_conf\.dat - [F,L]
    
    ### marker MOBILE start ###
    RewriteCond %{HTTP_USER_AGENT} Mobile|Android|Silk/|Kindle|BlackBerry|Opera\ Mini|Opera\ Mobi [NC]
    RewriteRule .* - [E=Cache-Control:vary=%{ENV:LSCACHE_VARY_VALUE}+ismobile]
    ### marker MOBILE end ###
    
    ### marker CACHE RESOURCE start ###
    RewriteRule http://foto.bildermann.de/wp-content/.*/[^/]*(responsive|css|js|dynamic|loader|fonts)\.php - [E=cache-control:max-age=3600]
    ### marker CACHE RESOURCE end ###
    
    ### marker FAVICON start ###
    RewriteRule favicon\.ico$ - [E=cache-control:max-age=86400]
    ### marker FAVICON end ###
    
    ### marker WEBP start ###
    RewriteCond %{HTTP_ACCEPT} "image/webp" [or]
    RewriteCond %{HTTP_USER_AGENT} "Page Speed"
    RewriteRule .* - [E=Cache-Control:vary=%{ENV:LSCACHE_VARY_VALUE}+webp]
    RewriteCond %{HTTP_USER_AGENT} iPhone.*Version/(\d{2}).*Safari
    RewriteCond %1 >13
    RewriteRule .* - [E=Cache-Control:vary=%{ENV:LSCACHE_VARY_VALUE}+webp]
    ### marker WEBP end ###
    
    ### marker DROPQS start ###
    CacheKeyModify -qs:fbclid
    CacheKeyModify -qs:gclid
    CacheKeyModify -qs:utm*
    CacheKeyModify -qs:_ga
    ### marker DROPQS end ###
    
    </IfModule>
    ## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
    # END LSCACHE
    # BEGIN NON_LSCACHE
    ## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
    ## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
    # END NON_LSCACHE
    
    ########################################################################
    # OPTIMAL .htaccess FILE FOR SPEED AND SECURITY @Version 2.0.1 - 08/2020
    # ----------------------------------------------------------------------
    # @Author: Andreas Hecht
    # @Author URI: https://seoagentur-hamburg.com
    # License: GNU General Public License v2 or later
    # License URI: http://www.gnu.org/licenses/gpl-2.0.html
    ########################################################################
    
    # ----------------------------------------------------------------------
    # Rewrite from HTTP to HTTPS - if you want to use it, comment it out
    # ----------------------------------------------------------------------
    
    #<IfModule mod_rewrite.c>
    #RewriteEngine On
    #RewriteCond %{HTTPS} !=on
    #RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    #</IfModule>
    
    # ----------------------------------------------------------------------
    # | Activate CORS                                                  
    # ----------------------------------------------------------------------
    
    <IfModule mod_headers.c>
        <FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js|gif|png|jpe?g|svg|svgz|ico|webp)$">
            Header set Access-Control-Allow-Origin "*"
        </FilesMatch>
    </IfModule>
    
    # -----------------------------------------------------------------------
    # | 404 Fix: Block Nuisance Requests for Non-Existent Files - New in 2018  
    #   https://perishablepress.com/block-nuisance-requests - @Update 2019
    # -----------------------------------------------------------------------
    
    <IfModule mod_alias.c>
    	RedirectMatch 403 (?i)\.php\.suspected
    	RedirectMatch 403 (?i)apple-app-site-association
    	RedirectMatch 403 (?i)/autodiscover/autodiscover.xml
    </IfModule>
    
    # ----------------------------------------------------------------------
    # | Compressing and Caching - Version 2020                                                    |
    # ----------------------------------------------------------------------
    
    # Serve resources with far-future expires headers.
    #
    # (!) If you don't control versioning with filename-based
    # cache busting, you should consider lowering the cache times
    # to something like one week.
    #
    # https://httpd.apache.org/docs/current/mod/mod_expires.html
    
    <IfModule mod_expires.c>
        ExpiresActive on
        ExpiresDefault                                      "access plus 1 month"
    
      # CSS
        ExpiresByType text/css                              "access plus 1 year"
    
      # Data interchange
        ExpiresByType application/atom+xml                  "access plus 1 hour"
        ExpiresByType application/rdf+xml                   "access plus 1 hour"
        ExpiresByType application/rss+xml                   "access plus 1 hour"
    
        ExpiresByType application/json                      "access plus 0 seconds"
        ExpiresByType application/ld+json                   "access plus 0 seconds"
        ExpiresByType application/schema+json               "access plus 0 seconds"
        ExpiresByType application/vnd.geo+json              "access plus 0 seconds"
        ExpiresByType application/xml                       "access plus 0 seconds"
        ExpiresByType text/xml                              "access plus 0 seconds"
    
      # Favicon (cannot be renamed!) and cursor images
        ExpiresByType image/vnd.microsoft.icon              "access plus 1 week"
        ExpiresByType image/x-icon                          "access plus 1 week"
    
      # HTML - No Caching
        ExpiresByType text/html                             "access plus 0 seconds"
    
      # JavaScript
        ExpiresByType application/javascript                "access plus 1 year"
        ExpiresByType application/x-javascript              "access plus 1 year"
        ExpiresByType text/javascript                       "access plus 1 year"
    
      # Manifest files
        ExpiresByType application/manifest+json             "access plus 1 week"
        ExpiresByType application/x-web-app-manifest+json   "access plus 0 seconds"
        ExpiresByType text/cache-manifest                   "access plus 0 seconds"
        
    # Update 2020: Google recommendation: cache duration increased to 1 year
    # @see: https://web.dev/uses-long-cache-ttl/    
    
      # Media files
        ExpiresByType audio/ogg                             "access plus 1 year"
        ExpiresByType image/bmp                             "access plus 1 year"
        ExpiresByType image/gif                             "access plus 1 year"
        ExpiresByType image/jpeg                            "access plus 1 year"
        ExpiresByType image/png                             "access plus 1 year"
        ExpiresByType image/svg+xml                         "access plus 1 year"
        ExpiresByType image/webp                            "access plus 1 year"
        ExpiresByType video/mp4                             "access plus 1 year"
        ExpiresByType video/ogg                             "access plus 1 year"
        ExpiresByType video/webm                            "access plus 1 year"
    
      # Web fonts
    
        # Embedded OpenType (EOT)
        ExpiresByType application/vnd.ms-fontobject         "access plus 1 year"
        ExpiresByType font/eot                              "access plus 1 year"
    
        # OpenType
        ExpiresByType font/opentype                         "access plus 1 year"
    
        # TrueType
        ExpiresByType application/x-font-ttf                "access plus 1 year"
    
        # Web Open Font Format (WOFF) 1.0
        ExpiresByType application/font-woff                 "access plus 1 year"
        ExpiresByType application/x-font-woff               "access plus 1 year"
        ExpiresByType font/woff                             "access plus 1 year"
    
        # Web Open Font Format (WOFF) 2.0
        ExpiresByType application/font-woff2                "access plus 1 year"
    
      # Other
        ExpiresByType text/x-cross-domain-policy            "access plus 1 week"
    </IfModule>
    
    <IfModule mod_deflate.c>
    # Insert filters / compress text, html, javascript, css, xml:
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE text/vtt 
    AddOutputFilterByType DEFLATE text/x-component
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/js
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/x-javascript
    AddOutputFilterByType DEFLATE application/x-httpd-php
    AddOutputFilterByType DEFLATE application/x-httpd-fastphp
    AddOutputFilterByType DEFLATE application/atom+xml 
    AddOutputFilterByType DEFLATE application/json
    AddOutputFilterByType DEFLATE application/ld+json 
    AddOutputFilterByType DEFLATE application/vnd.ms-fontobject 
    AddOutputFilterByType DEFLATE application/x-font-ttf
    AddOutputFilterByType DEFLATE application/font-woff2
    AddOutputFilterByType DEFLATE application/x-font-woff
    AddOutputFilterByType DEFLATE application/x-web-app-manifest+json font/woff
    AddOutputFilterByType DEFLATE font/woff 
    AddOutputFilterByType DEFLATE font/opentype
    AddOutputFilterByType DEFLATE image/svg+xml
    AddOutputFilterByType DEFLATE image/x-icon 
    
    # Exception: Images
    SetEnvIfNoCase REQUEST_URI \.(?:gif|jpg|jpeg|png|svg)$ no-gzip dont-vary
    
    # Drop problematic browsers
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
    
    # Make sure proxies don't deliver the wrong content
    Header append Vary User-Agent env=!dont-vary
    </IfModule>
    
    #Alternative caching using Apache's "mod_headers", if it's installed.
    #Caching of common files - ENABLED
    <IfModule mod_headers.c>
    <FilesMatch "\.(ico|pdf|flv|swf|js|css|gif|png|jpg|jpeg|txt|woff2|woff)$">
    Header set Cache-Control "max-age=31536000, public"
    </FilesMatch>
    </IfModule>
    
    <IfModule mod_headers.c>
      <FilesMatch "\.(js|css|xml|gz)$">
        Header append Vary Accept-Encoding
      </FilesMatch>
    </IfModule>
    
    # Set Keep Alive Header
    <IfModule mod_headers.c>
        Header set Connection keep-alive
    </IfModule>
    
    # If your server don't support ETags deactivate with "None" (and remove header)
    <IfModule mod_expires.c> 
      <IfModule mod_headers.c> 
        Header unset ETag 
      </IfModule> 
      FileETag None 
    </IfModule>
    
    <IfModule mod_headers.c>
    <FilesMatch ".(js|css|xml|gz|html|woff|woff2|ttf)$">
    Header append Vary: Accept-Encoding
    </FilesMatch>
    </IfModule>
    
    # ----------------------------------------------------------------------
    # | 7G Firewall for Security - Do not change this part @Update 2020
    # ----------------------------------------------------------------------
    # 7G FIREWALL v1.3 20200903
    # @ https://perishablepress.com/7g-firewall/
    
    # 7G:[CORE]
    ServerSignature Off
    Options -Indexes
    RewriteEngine On
    RewriteBase /
    
    # 7G:[QUERY STRING]
    <IfModule mod_rewrite.c>
    	RewriteCond %{QUERY_STRING} ([a-z0-9]{2000,}) [NC,OR]
    	RewriteCond %{QUERY_STRING} (/|%2f)(:|%3a)(/|%2f) [NC,OR]
    	RewriteCond %{QUERY_STRING} (/|%2f)(\*|%2a)(\*|%2a)(/|%2f) [NC,OR]
    	RewriteCond %{QUERY_STRING} (''
    |<|>|\^|\|\\|0x00|%00|%0d%0a) [NC,OR]
    	RewriteCond %{QUERY_STRING} (cmd|command)(=|%3d)(chdir|mkdir)(.*)(x20) [NC,OR]
    	RewriteCond %{QUERY_STRING} (ckfinder|fullclick|ckfinder|fckeditor) [NC,OR]
    	RewriteCond %{QUERY_STRING} (globals|mosconfig([a-z_]{1,22})|request)(=|\[) [NC,OR]
    	RewriteCond %{QUERY_STRING} (/|%2f)((wp-)?config)((\.|%2e)inc)?((\.|%2e)php) [NC,OR]
    	RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumbs?)?)((\.|%2e)php) [NC,OR]
    	RewriteCond %{QUERY_STRING} (absolute_|base|root_)(dir|path)(=|%3d)(ftp|https?) [NC,OR]
    	RewriteCond %{QUERY_STRING} (localhost|loopback|127(\.|%2e)0(\.|%2e)0(\.|%2e)1) [NC,OR]
    	RewriteCond %{QUERY_STRING} (s)?(ftp|inurl|php)(s)?(:(/|%2f|%u2215)(/|%2f|%u2215)) [NC,OR]
    	RewriteCond %{QUERY_STRING} (\.|20)(get|the)(_|%5f)(permalink|posts_page_url)(\(|%28) [NC,OR]
    	RewriteCond %{QUERY_STRING} ((boot|win)((\.|%2e)ini)|etc(/|%2f)passwd|self(/|%2f)environ) [NC,OR]
    	RewriteCond %{QUERY_STRING} (((/|%2f){3,3})|((\.|%2e){3,3})|((\.|%2e){2,2})(/|%2f|%u2215)) [NC,OR]
    	RewriteCond %{QUERY_STRING} (benchmark|char|exec|fopen|function|html)(.*)(\(|%28)(.*)(\)|%29) [NC,OR]
    	RewriteCond %{QUERY_STRING} (php)([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}) [NC,OR]
    	RewriteCond %{QUERY_STRING} (e|%65|%45)(v|%76|%56)(a|%61|%31)(l|%6c|%4c)(.*)(\(|%28)(.*)(\)|%29) [NC,OR]
    	RewriteCond %{QUERY_STRING} (/|%2f)(=|%3d|$&|_mm|cgi(\.|-)|inurl(:|%3a)(/|%2f)|(mod|path)(=|%3d)(\.|%2e)) [NC,OR]
    	RewriteCond %{QUERY_STRING} (<|%3c)(.*)(e|%65|%45)(m|%6d|%4d)(b|%62|%42)(e|%65|%45)(d|%64|%44)(.*)(>|%3e) [NC,OR]
    	RewriteCond %{QUERY_STRING} (<|%3c)(.*)(i|%69|%49)(f|%66|%46)(r|%72|%52)(a|%61|%41)(m|%6d|%4d)(e|%65|%45)(.*)(>|%3e) [NC,OR]
    	RewriteCond %{QUERY_STRING} (<|%3c)(.*)(o|%4f|%6f)(b|%62|%42)(j|%4a|%6a)(e|%65|%45)(c|%63|%43)(t|%74|%54)(.*)(>|%3e) [NC,OR]
    	RewriteCond %{QUERY_STRING} (<|%3c)(.*)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(.*)(>|%3e) [NC,OR]
    	RewriteCond %{QUERY_STRING} (\+|%2b|%20)(d|%64|%44)(e|%65|%45)(l|%6c|%4c)(e|%65|%45)(t|%74|%54)(e|%65|%45)(\+|%2b|%20) [NC,OR]
    	RewriteCond %{QUERY_STRING} (\+|%2b|%20)(i|%69|%49)(n|%6e|%4e)(s|%73|%53)(e|%65|%45)(r|%72|%52)(t|%74|%54)(\+|%2b|%20) [NC,OR]
    	RewriteCond %{QUERY_STRING} (\+|%2b|%20)(s|%73|%53)(e|%65|%45)(l|%6c|%4c)(e|%65|%45)(c|%63|%43)(t|%74|%54)(\+|%2b|%20) [NC,OR]
    	RewriteCond %{QUERY_STRING} (\+|%2b|%20)(u|%75|%55)(p|%70|%50)(d|%64|%44)(a|%61|%41)(t|%74|%54)(e|%65|%45)(\+|%2b|%20) [NC,OR]
    	RewriteCond %{QUERY_STRING} (\\x00|(\"|%22|\'|%27)?0(\"|%22|\'|%27)?(=|%3d)(\"|%22|\'|%27)?0|cast(\(|%28)0x|or%201(=|%3d)1) [NC,OR]
    	RewriteCond %{QUERY_STRING} (g|%67|%47)(l|%6c|%4c)(o|%6f|%4f)(b|%62|%42)(a|%61|%41)(l|%6c|%4c)(s|%73|%53)(=|[|%[0-9A-Z]{0,2}) [NC,OR]
    	RewriteCond %{QUERY_STRING} (_|%5f)(r|%72|%52)(e|%65|%45)(q|%71|%51)(u|%75|%55)(e|%65|%45)(s|%73|%53)(t|%74|%54)(=|[|%[0-9A-Z]{2,}) [NC,OR]
    	RewriteCond %{QUERY_STRING} (j|%6a|%4a)(a|%61|%41)(v|%76|%56)(a|%61|%31)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(:|%3a)(.*)(;|%3b|\)|%29) [NC,OR]
    	RewriteCond %{QUERY_STRING} (b|%62|%42)(a|%61|%41)(s|%73|%53)(e|%65|%45)(6|%36)(4|%34)(_|%5f)(e|%65|%45|d|%64|%44)(e|%65|%45|n|%6e|%4e)(c|%63|%43)(o|%6f|%4f)(d|%64|%44)(e|%65|%45)(.*)(\()(.*)(\)) [NC,OR]
    	RewriteCond %{QUERY_STRING} (@copy|\$_(files|get|post)|allow_url_(fopen|include)|auto_prepend_file|blexbot|browsersploit|(c99|php)shell|curl(_exec|test)|disable_functions?|document_root|elastix|encodeuricom|exploit|fclose|fgets|file_put_contents|fputs|fsbuff|fsockopen|gethostbyname|grablogin|hmei7|input_file|null|open_basedir|outfile|passthru|phpinfo|popen|proc_open|quickbrute|remoteview|root_path|safe_mode|shell_exec|site((.){0,2})copier|sux0r|trojan|user_func_array|wget|xertive) [NC,OR]
    	RewriteCond %{QUERY_STRING} (;|<|>|\'|\"|\)|%0a|%0d|%22|%27|%3c|%3e|%00)(.*)(/\*|alter|base64|benchmark|cast|char|concat|convert|create|encode|declare|delete|drop|insert|md5|order|request|script|select|set|union|update) [NC,OR]
    	RewriteCond %{QUERY_STRING} ((\+|%2b)(concat|delete|get|select|union)(\+|%2b)) [NC,OR]
    	RewriteCond %{QUERY_STRING} (union)(.*)(select)(.*)(\(|%28) [NC,OR]
    	RewriteCond %{QUERY_STRING} (concat)(.*)(\(|%28) [NC]
    	RewriteRule .* - [F,L]
    	# RewriteRule .* /7G_log.php?log [END,NE,E=7G_QUERY_STRING:%1___%2___%3]
    </IfModule>
    
    # 7G:[REQUEST URI]
    <IfModule mod_rewrite.c>
    	RewriteCond %{REQUEST_URI} ([a-z0-9]{2000,}) [NC,OR]
    	RewriteCond %{REQUEST_URI} (=?\\(\'|%27)/?)(\.) [NC,OR]
    	RewriteCond %{REQUEST_URI} (\^|''|<|>|%|\\|\{|\}|\|) [NC,OR]
    	RewriteCond %{REQUEST_URI} (/)(\*|\"|\'|\.|,|&|&?)/?$ [NC,OR]
    	RewriteCond %{REQUEST_URI} (\.)(php)(\()?([0-9]+)(\))?(/)?$ [NC,OR]
    	RewriteCond %{REQUEST_URI} (/)(vbulletin|boards|vbforum)(/)? [NC,OR]
    	RewriteCond %{REQUEST_URI} (\.(s?ftp-?)config|(s?ftp-?)config\.) [NC,OR]
    	RewriteCond %{REQUEST_URI} (\{0\}|\"?0\"?=\"?0|\(/\(|\.\.\.|\+\+\+|\\\") [NC,OR]
    	RewriteCond %{REQUEST_URI} (thumbs?(_editor|open)?|tim(thumbs?)?)(\.php) [NC,OR]
    	RewriteCond %{REQUEST_URI} (/)(fck|ckfinder|fullclick|ckfinder|fckeditor) [NC,OR]
    	RewriteCond %{REQUEST_URI} (\.|20)(get|the)(_)(permalink|posts_page_url)(\() [NC,OR]
    	RewriteCond %{REQUEST_URI} (///|\?\?|/&&|/\*(.*)\*/|/:/|\\\\|0x00|%00|%0d%0a) [NC,OR]
    	RewriteCond %{REQUEST_URI} (/%7e)(root|ftp|bin|nobody|named|guest|logs|sshd)(/) [NC,OR]
    	RewriteCond %{REQUEST_URI} (/)(etc|var)(/)(hidden|secret|shadow|ninja|passwd|tmp)(/)?$ [NC,OR]
    	RewriteCond %{REQUEST_URI} (s)?(ftp|http|inurl|php)(s)?(:(/|%2f|%u2215)(/|%2f|%u2215)) [NC,OR]
    	RewriteCond %{REQUEST_URI} (/)(=|\$&?|&?(pws|rk)=0|_mm|_vti_|cgi(\.|-)?|(=|/|;|,)nt\.) [NC,OR]
    	RewriteCond %{REQUEST_URI} (\.)(ds_store|htaccess|htpasswd|init?|mysql-select-db)(/)?$ [NC,OR]
    	RewriteCond %{REQUEST_URI} (/)(bin)(/)(cc|chmod|chsh|cpp|echo|id|kill|mail|nasm|perl|ping|ps|python|tclsh)(/)?$ [NC,OR]
    	RewriteCond %{REQUEST_URI} (/)(::[0-9999]|%3a%3a[0-9999]|127\.0\.0\.1|localhost|loopback|makefile|pingserver|wwwroot)(/)? [NC,OR]
    	RewriteCond %{REQUEST_URI} (\(null\)|\{\$itemURL\}|cAsT\(0x|echo(.*)kae|etc/passwd|eval\(|self/environ|\+union\+all\+select) [NC,OR]
    	RewriteCond %{REQUEST_URI} (/)(awstats|(c99|php|web)shell|document_root|error_log|listinfo|muieblack|remoteview|site((.){0,2})copier|sqlpatch|sux0r) [NC,OR]
    	RewriteCond %{REQUEST_URI} (/)((php|web)?shell|crossdomain|fileditor|locus7|nstview|php(get|remoteview|writer)|r57|remview|sshphp|storm7|webadmin)(.*)(\.|\() [NC,OR]
    	RewriteCond %{REQUEST_URI} (/)(author-panel|bitrix|class|database|(db|mysql)-?admin|filemanager|htdocs|httpdocs|https?|mailman|mailto|msoffice|mysql|_?php-?my-?admin(.*)|tmp|undefined|usage|var|vhosts|webmaster|www)(/) [NC,OR]
    	RewriteCond %{REQUEST_URI} (\.)(7z|ab4|afm|aspx?|bash|ba?k?|bz2|cfg|cfml?|cgi|ctl|dat|db|dll|eml|et2|exe|fec|fla|hg|inc|ini|inv|jsp|log|lqd|mbf|mdb|mmw|mny|old|one|out|passwd|pdb|pl|psd|pst|ptdb|pwd|py|qbb|qdf|rar|rdf|sdb|sql|sh|soa|swf|swl|swp|stx|tar|tax|tgz|tls|tmd|wow|zlib)$ [NC,OR]
    	RewriteCond %{REQUEST_URI} (base64_(en|de)code|benchmark|child_terminate|curl_exec|e?chr|eval|function|fwrite|(f|p)open|html|leak|passthru|p?fsockopen|phpinfo|posix_(kill|mkfifo|setpgid|setsid|setuid)|proc_(close|get_status|nice|open|terminate)|(shell_)?exec|system)(.*)(\()(.*)(\)) [NC,OR]
    	RewriteCond %{REQUEST_URI} (/)(^$|00.temp00|0day|3xp|70bex?|admin_events|bkht|(php|web)?shell|configbak|curltest|db|dompdf|filenetworks|hmei7|index\.php/index\.php/index|jahat|kcrew|keywordspy|mobiquo|mysql|nessus|php-?info|racrew|sql|vuln|webconfig|(wp-)?conf(ig)?(uration)?|xertive)(\.php) [NC]
    	RewriteRule .* - [F,L]
    	# RewriteRule .* /7G_log.php?log [END,NE,E=7G_REQUEST_URI:%1___%2___%3]
    </IfModule>
    
    # 7G:[USER AGENT]
    <IfModule mod_rewrite.c>
    	RewriteCond %{HTTP_USER_AGENT} ([a-z0-9]{2000,}) [NC,OR]
    	RewriteCond %{HTTP_USER_AGENT} (<|%0a|%0d|%27|%3c|%3e|%00|0x00) [NC,OR]
    	RewriteCond %{HTTP_USER_AGENT} ((c99|php|web)shell|remoteview|site((.){0,2})copier) [NC,OR]
    	RewriteCond %{HTTP_USER_AGENT} (base64_decode|bin/bash|disconnect|eval|lwp-download|unserialize|\\\x22) [NC,OR]
    	RewriteCond %{HTTP_USER_AGENT} (360Spider|acapbot|acoonbot|ahrefs|alexibot|asterias|attackbot|backdorbot|becomebot|binlar|blackwidow|blekkobot|blexbot|blowfish|bullseye|bunnys|butterfly|careerbot|casper|checkpriv|cheesebot|cherrypick|chinaclaw|choppy|clshttp|cmsworld|copernic|copyrightcheck|cosmos|crescent|cy_cho|datacha|demon|diavol|discobot|dittospyder|dotbot|dotnetdotcom|dumbot|emailcollector|emailsiphon|emailwolf|exabot|extract|eyenetie|feedfinder|flaming|flashget|flicky|foobot|g00g1e|getright|gigabot|go-ahead-got|gozilla|grabnet|grafula|harvest|heritrix|httrack|icarus6j|jetbot|jetcar|jikespider|kmccrew|leechftp|libweb|linkextractor|linkscan|linkwalker|loader|masscan|miner|majestic|mechanize|mj12bot|morfeus|moveoverbot|netmechanic|netspider|nicerspro|nikto|ninja|nutch|octopus|pagegrabber|planetwork|postrank|proximic|purebot|pycurl|python|queryn|queryseeker|radian6|radiation|realdownload|rogerbot|scooter|seekerspider|semalt|siclab|sindice|sistrix|sitebot|siteexplorer|sitesnagger|skygrid|smartdownload|snoopy|sosospider|spankbot|spbot|sqlmap|stackrambler|stripper|sucker|surftbot|sux0r|suzukacz|suzuran|takeout|teleport|telesoft|true_robots|turingos|turnit|vampire|vikspider|voideye|webleacher|webreaper|webstripper|webvac|webviewer|webwhacker|winhttp|wwwoffle|woxbot|xaldon|xxxyy|yamanalab|yioopbot|youda|zeus|zmeu|zune|zyborg) [NC]
    	RewriteRule .* - [F,L]
    	# RewriteRule .* /7G_log.php?log [END,NE,E=7G_USER_AGENT:%1]
    </IfModule>
    
    # 7G:[REMOTE HOST]
    <IfModule mod_rewrite.c>
    	RewriteCond %{REMOTE_HOST} (163data|amazonaws|colocrossing|crimea|g00g1e|justhost|kanagawa|loopia|masterhost|onlinehome|poneytel|sprintdatacenter|reverse.softlayer|safenet|ttnet|woodpecker|wowrack) [NC]
    	RewriteRule .* - [F,L]
    	# RewriteRule .* /7G_log.php?log [END,NE,E=7G_REMOTE_HOST:%1]
    </IfModule>
    
    # 7G:[HTTP REFERRER]
    <IfModule mod_rewrite.c>
    	RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC,OR]
    	RewriteCond %{HTTP_REFERER} (ambien|blue\spill|cocaine|ejaculat|erectile|erections|hoodia|huronriveracres|impotence|levitra|libido|lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby|ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo) [NC]
    	RewriteRule .* - [F,L]
    	# RewriteRule .* /7G_log.php?log [END,NE,E=7G_HTTP_REFERRER:%1]
    </IfModule>
    
    # 7G:[REQUEST METHOD]
    <IfModule mod_rewrite.c>
    	RewriteCond %{REQUEST_METHOD} ^(connect|debug|move|trace|track) [NC]
    	RewriteRule .* - [F,L]
    	# RewriteRule .* /7G_log.php?log [END,NE,E=7G_REQUEST_METHOD:%1]
    </IfModule>
    
    #################################################################
    # 7G Addon: Stop Aggressive Scanning for Uploads-Related Targets
    # https://perishablepress.com/stop-aggressive-scanning-uploads/
    #################################################################
    
    <IfModule mod_rewrite.c>
    
    	# RewriteCond %{REQUEST_URI} /php(unit)?/ [NC,OR]
    	# RewriteCond %{REQUEST_URI} \.(aspx?|env|git(ignore)?|phtml|rar|well-known) [NC,OR]
    	# RewriteCond %{REQUEST_URI} /(cms|control_panel|dashboard|home_url=|lr-admin|manager|panel|staff|webadmin) [NC,OR]
    	# RewriteCond %{REQUEST_URI} /(adm(in)?|blog|cache|checkout|controlpanel|ecommerce|export|magento(-1|web)?|market(place)?|mg|onli(n|k)e|orders?|shop|tmplconnector|uxm|web?store)/ [NC,OR]
    	
    	RewriteCond %{REQUEST_URI} (_timthumb_|timthumb.php) [NC,OR]
    	RewriteCond %{REQUEST_URI} /(install|wp-config|xmlrpc)\.php [NC,OR]
    	RewriteCond %{REQUEST_URI} /(uploadify|uploadbg|up__uzegp)\.php [NC,OR]
    	RewriteCond %{REQUEST_URI} /(comm\.js|mysql-date-function|simplebootadmin|vuln\.htm|www\.root\.) [NC,OR]
    	RewriteCond %{REQUEST_URI} /(admin-uploadify|fileupload|jquery-file-upload|upload_file|upload|uploadify|webforms)/ [NC,OR]
    	RewriteCond %{REQUEST_URI} /(ajax_pluginconf|apikey|connector(.minimal)?|eval-stdin|f0x|login|router|setup-config|sssp|vuln|xattacker)\.php [NC]
    	
    	RewriteRule .* - [F,L]
    	
    </IfModule>
    
    # ----------------------------------------------------------------------
    #   Block WordPress files from outside access
    # ----------------------------------------------------------------------	
    
    # No access to the install.php
    <files install.php>
    Order allow,deny
    Deny from all
    </files>
     
    # No access to the wp-config.php 
    <files wp-config.php>
    Order allow,deny
    Deny from all
    </files>
     
    # No access to the readme.html
    <files readme.html>
     Order Allow,Deny
     Deny from all
     Satisfy all
    </Files>
     
    # No access to the liesmich.html for DE Edition
    <Files liesmich.html>
     Order Allow,Deny
     Deny from all
     Satisfy all
    </Files>
     
    # No error log access 
    <files error_log>
    Order allow,deny
    Deny from all
    </files>
    
    #No access to the .htaccess and .htpasswd
    <FilesMatch "(\.htaccess|\.htpasswd)">
      Order deny,allow
      Deny from all
    </FilesMatch>
    
    # Block access to includes folder
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^wp-admin/includes/ - [F,L]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
    </IfModule>
    
    # ----------------------------------------------------------------------
    # | Blocking the »ReallyLongRequest« Bandit - New in 2018  
    #   https://perishablepress.com/blocking-reallylongrequest-bandit/
    # ----------------------------------------------------------------------
    
    <IfModule mod_rewrite.c>
        RewriteCond %{REQUEST_METHOD} .* [NC]
        RewriteCond %{THE_REQUEST}  (YesThisIsAReallyLongRequest|ScanningForResearchPurpose) [NC,OR]
        RewriteCond %{QUERY_STRING} (YesThisIsAReallyLongRequest|ScanningForResearchPurpose) [NC]
        RewriteRule .* - [F,L]
    </IfModule>
    
    # --------------------------------------------------------------------------------------------
    #   Ultimate hotlink protection - IMPORTANT: Change »?domain\« in line 361 to your domain name
    #   Example: ?andreas-hecht\ ### if you do not use https, change https in line 361 to http
    # --------------------------------------------------------------------------------------------
    
    <IfModule mod_rewrite.c>
     RewriteEngine on
     RewriteCond %{HTTP_REFERER}     !^$
     RewriteCond %{REQUEST_FILENAME} -f
      RewriteCond %{HTTP_REFERER}     !^https?://([^.]+\.)?foto.bildermann\. [NC]
     RewriteRule \.(gif|jpe?g?|png)$                             - [F,NC,L]
    </ifModule>
    
    # ----------------------------------------------------------------------
    #   Protect your WordPress Login with HTTP Authentification
    # ----------------------------------------------------------------------
    
    # If you want to use it, comment it out and set your path to .htpasswd
    #<Files wp-login.php>
    #AuthName "Admin-Bereich"
    #AuthType Basic
    #AuthUserFile /usr/local/www/apache24/your-path/your-domain.com/.htpasswd 
    #require valid-user
    #</Files>
    
    # ----------------------------------------------------------------------
    #   Switch off the security risk XML-RPC interface completely
    # ----------------------------------------------------------------------
    
    ### @see https://digwp.com/2009/06/xmlrpc-php-security/
    
    <Files xmlrpc.php>
     Order Deny,Allow
     Deny from all
    </Files>
    
    # -----------------------------------------------------------------------------
    #  HTTP SECURITY HEADER | Test on: https://securityheaders.com | UPDATE 2020
    # -----------------------------------------------------------------------------
    
    ### @see https://scotthelme.co.uk/hardening-your-http-response-headers
    ### UPDATE 2020
    
    ## No-Referrer-Header
    <IfModule mod_headers.c>
        Header set Referrer-Policy "no-referrer"
    </IfModule>
    
    ## Strict Origin when cross origin Header
    #@see https://scotthelme.co.uk/a-new-security-header-referrer-policy/
    <IfModule mod_headers.c>
    Header set Referrer-Policy "strict-origin-when-cross-origin"
    </IfModule>
    
    ## X-FRAME-OPTIONS-Header
    <IfModule mod_headers.c>
        Header set X-Frame-Options "sameorigin"
    </IfModule>
    
    ## X-XSS-PROTECTION-Header
    <IfModule mod_headers.c>
        Header set X-XSS-Protection "1; mode=block"
    </IfModule>
    
    ## X-Content-Type-Options-Header
    <IfModule mod_headers.c>
        Header set X-Content-Type-Options "nosniff"
    </IfModule>
    
    ## Strict-Transport-Security-Header - for HTTPS
    <IfModule mod_headers.c>
       Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    </IfModule>
    
    ## This prevents that false issued certificates for this website can be used unnoticed. (Experimental)
    ## @see https://tools.ietf.org/html/draft-ietf-httpbis-expect-ct-02
    <IfModule mod_headers.c>
       Header set Expect-CT "enforce, max-age=21600"	
    </IfModule>
    
    # ----------------------------------------------------------------------
    # The original WordPress Rewrite Rules - Do not change anything here, 
    # except you are using a WordPress Multisite
    # ----------------------------------------------------------------------
    
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress
    
    • This reply was modified 2 years, 7 months ago by Bego Mario Garde.
    • This reply was modified 2 years, 7 months ago by Bego Mario Garde. Reason: code formatting
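Added example, not part of the thread: a small Python checker that lists which directives in an .htaccess like the one posted above answer a given URL path with 403. It models only `<Files>`/`<FilesMatch>` deny blocks and `RewriteRule ... [F]` with `RewriteCond %{REQUEST_URI}`; the function names, the shortened sample, and treating every other condition variable as "no match" are assumptions of this sketch.

```python
import re
from fnmatch import fnmatchcase
from posixpath import basename

# Constructed sample: directives copied from the .htaccess posted above,
# with the 7G addon condition list shortened to three lines.
SAMPLE = r'''
<IfModule mod_rewrite.c>
    RewriteCond %{REQUEST_URI} (_timthumb_|timthumb.php) [NC,OR]
    RewriteCond %{REQUEST_URI} /(install|wp-config|xmlrpc)\.php [NC,OR]
    RewriteCond %{REQUEST_URI} /(uploadify|uploadbg|up__uzegp)\.php [NC]
    RewriteRule .* - [F,L]
</IfModule>
<files install.php>
Order allow,deny
Deny from all
</files>
<Files xmlrpc.php>
 Order Deny,Allow
 Deny from all
</Files>
<FilesMatch "(\.htaccess|\.htpasswd)">
  Order deny,allow
  Deny from all
</FilesMatch>
RewriteCond %{HTTP_REFERER}     !^$
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule \.(gif|jpe?g?|png)$ - [F,NC,L]
'''

SECTION_OPEN = re.compile(r'<(Files|FilesMatch)\s+"?([^">]+)"?\s*>', re.I)
SECTION_CLOSE = re.compile(r'</(Files|FilesMatch)>', re.I)
DENY = re.compile(r'(deny\s+from\s+all|require\s+all\s+denied)\b', re.I)
ALLOW = re.compile(r'allow\s+from\b', re.I)
COND = re.compile(r'RewriteCond\s+%\{(\w+)\}\s+(\S+)(?:\s+\[([^\]]*)\])?', re.I)
RULE = re.compile(r'RewriteRule\s+(\S+)\s+\S+(?:\s+\[([^\]]*)\])?', re.I)


def _flags(raw):
    return {f.strip().upper() for f in (raw or "").split(",")}


def _match(pattern, subject, nocase):
    """Regex test with mod_rewrite's leading '!' negation; bad patterns never match."""
    negate = pattern.startswith("!")
    try:
        hit = re.search(pattern[1:] if negate else pattern, subject, re.I if nocase else 0)
    except re.error:
        return False
    return (hit is not None) != negate


def _conds_hold(conds, url_path):
    """Conditions are ANDed; a condition flagged [OR] is ORed with the next one."""
    result, group, matched = True, False, []
    for var, pattern, flags, line_no in conds:
        # Assumption: only REQUEST_URI is known; any other variable counts as no match.
        hit = var.upper() == "REQUEST_URI" and _match(pattern, url_path, "NC" in flags)
        if hit:
            matched.append(line_no)
        group = group or hit
        if "OR" not in flags:
            result, group = result and group, False
    return result, matched


def find_denials(htaccess_text, url_path):
    """Return [(line_no, reason)] for each directive that answers url_path with 403."""
    findings, section, conds = [], None, []
    name = basename(url_path)
    for no, raw in enumerate(htaccess_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = SECTION_OPEN.match(line)
        if opened:
            section = {"kind": opened.group(1).lower(), "arg": opened.group(2).strip(),
                       "line": no, "deny": False, "allow": False}
        elif section is not None:
            if SECTION_CLOSE.match(line):
                kind, arg = section["kind"], section["arg"]
                hit = fnmatchcase(name, arg) if kind == "files" else _match(arg, name, False)
                if hit and section["deny"] and not section["allow"]:
                    findings.append((section["line"], f"<{kind} {arg}> denies all"))
                section = None
            elif DENY.match(line):
                section["deny"] = True
            elif ALLOW.match(line):
                section["allow"] = True
        elif COND.match(line):
            var, pattern, flags = COND.match(line).groups()
            conds.append((var, pattern, _flags(flags), no))
        elif RULE.match(line):
            pattern, flags = RULE.match(line).groups()
            flags = _flags(flags)
            holds, matched = _conds_hold(conds, url_path)
            # In .htaccess context the rule pattern sees the path without the leading slash.
            if "F" in flags and holds and _match(pattern, url_path.lstrip("/"), "NC" in flags):
                findings.append((no, f"RewriteRule [F], RewriteCond line(s) {matched}"))
            conds = []
    return findings
```

For `/wp-admin/install.php` the checker reports two independent denials in the sample: the rewrite rule whose condition matches `/(install|wp-config|xmlrpc)\.php`, and the `<files install.php>` block. Skip flags such as `[S=3]` are not modelled.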
    Thread starter Karl

    (@zittau)

    @pixolin

    and here is the .htaccess.bk

    
    ##############################################
    # GZIP compression enabled on 15.08.2021
    # Gzip compression
    # source: https://kinsta.com/de/blog/gzip-komprimierung-aktivieren/#wie-man-die-gzipkomprimierung-aktiviert
    # and
    # https://docs.wp-rocket.me/article/63-enable-gzip-compression
    ##############################################
    
    # Gzip compression
    <IfModule mod_deflate.c>
    # Active compression
    SetOutputFilter DEFLATE
    # Force deflate for mangled headers
    <IfModule mod_setenvif.c>
    <IfModule mod_headers.c>
    SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
    RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
    # Don’t compress images and other uncompressible content
    SetEnvIfNoCase Request_URI \
    \.(?:gif|jpe?g|png|rar|zip|exe|flv|mov|wma|mp3|avi|swf|mp?g|mp4|webm|webp|pdf)$ no-gzip dont-vary
    </IfModule>
    </IfModule>
    # Compress all output labeled with one of the following MIME-types
    <IfModule mod_filter.c>
    AddOutputFilterByType DEFLATE application/atom+xml \
    		                          application/javascript \
    		                          application/json \
    		                          application/rss+xml \
    		                          application/vnd.ms-fontobject \
    		                          application/x-font-ttf \
    		                          application/xhtml+xml \
    		                          application/xml \
    		                          font/opentype \
    		                          image/svg+xml \
    		                          image/x-icon \
    		                          text/css \
    		                          text/html \
    		                          text/plain \
    		                          text/x-component \
    		                          text/xml
    </IfModule>
    <IfModule mod_headers.c>
    Header append Vary: Accept-Encoding
    </IfModule>
    </IfModule>
    <IfModule mod_mime.c>
    AddType text/html .html_gzip
    AddEncoding gzip .html_gzip
    </IfModule>
    <IfModule mod_setenvif.c>
    SetEnvIfNoCase Request_URI \.html_gzip$ no-gzip
    
    ###############################################
    
    # BEGIN LSCACHE
    ## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
    <IfModule LiteSpeed>
    RewriteEngine on
    CacheLookup on
    RewriteRule .* - [E=Cache-Control:no-autoflush]
    RewriteRule \.litespeed_conf\.dat - [F,L]
    
    ### marker MOBILE start ###
    RewriteCond %{HTTP_USER_AGENT} Mobile|Android|Silk/|Kindle|BlackBerry|Opera\ Mini|Opera\ Mobi [NC]
    RewriteRule .* - [E=Cache-Control:vary=%{ENV:LSCACHE_VARY_VALUE}+ismobile]
    ### marker MOBILE end ###
    
    ### marker CACHE RESOURCE start ###
    RewriteRule http://foto.bildermann.de/wp-content/.*/[^/]*(responsive|css|js|dynamic|loader|fonts)\.php - [E=cache-control:max-age=3600]
    ### marker CACHE RESOURCE end ###
    
    ### marker FAVICON start ###
    RewriteRule favicon\.ico$ - [E=cache-control:max-age=86400]
    ### marker FAVICON end ###
    
    ### marker WEBP start ###
    RewriteCond %{HTTP_ACCEPT} "image/webp" [or]
    RewriteCond %{HTTP_USER_AGENT} "Page Speed"
    RewriteRule .* - [E=Cache-Control:vary=%{ENV:LSCACHE_VARY_VALUE}+webp]
    RewriteCond %{HTTP_USER_AGENT} iPhone.*Version/(\d{2}).*Safari
    RewriteCond %1 >13
    RewriteRule .* - [E=Cache-Control:vary=%{ENV:LSCACHE_VARY_VALUE}+webp]
    ### marker WEBP end ###
    
    ### marker DROPQS start ###
    CacheKeyModify -qs:fbclid
    CacheKeyModify -qs:gclid
    CacheKeyModify -qs:utm*
    CacheKeyModify -qs:_ga
    ### marker DROPQS end ###
    
    </IfModule>
    ## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
    # END LSCACHE
    # BEGIN NON_LSCACHE
    ## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
    ## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
    # END NON_LSCACHE
    
    ########################################################################
    # OPTIMAL .htaccess FILE FOR SPEED AND SECURITY @Version 2.0.1 - 08/2020
    # ----------------------------------------------------------------------
    # @Author: Andreas Hecht
    # @Author URI: https://seoagentur-hamburg.com
    # License: GNU General Public License v2 or later
    # License URI: http://www.gnu.org/licenses/gpl-2.0.html
    ########################################################################
    
    # ----------------------------------------------------------------------
    # Rewrite from HTTP to HTTPS - if you want to use it, comment it out
    # ----------------------------------------------------------------------
    
    #<IfModule mod_rewrite.c>
    #RewriteEngine On
    #RewriteCond %{HTTPS} !=on
    #RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    #</IfModule>
    
    # ----------------------------------------------------------------------
    # | Activate CORS                                                  
    # ----------------------------------------------------------------------
    
    <IfModule mod_headers.c>
        <FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js|gif|png|jpe?g|svg|svgz|ico|webp)$">
            Header set Access-Control-Allow-Origin "*"
        </FilesMatch>
    </IfModule>
    
    # -----------------------------------------------------------------------
    # | 404 Fix: Block Nuisance Requests for Non-Existent Files - New in 2018  
    #   https://perishablepress.com/block-nuisance-requests - @Update 2019
    # -----------------------------------------------------------------------
    
    <IfModule mod_alias.c>
    	RedirectMatch 403 (?i)\.php\.suspected
    	RedirectMatch 403 (?i)apple-app-site-association
    	RedirectMatch 403 (?i)/autodiscover/autodiscover.xml
    </IfModule>
    
    # ----------------------------------------------------------------------
    # | Compressing and Caching - Version 2020                                                    |
    # ----------------------------------------------------------------------
    
    # Serve resources with far-future expires headers.
    #
    # (!) If you don't control versioning with filename-based
    # cache busting, you should consider lowering the cache times
    # to something like one week.
    #
    # https://httpd.apache.org/docs/current/mod/mod_expires.html
    
    <IfModule mod_expires.c>
        ExpiresActive on
        ExpiresDefault                                      "access plus 1 month"
    
      # CSS
        ExpiresByType text/css                              "access plus 1 year"
    
      # Data interchange
        ExpiresByType application/atom+xml                  "access plus 1 hour"
        ExpiresByType application/rdf+xml                   "access plus 1 hour"
        ExpiresByType application/rss+xml                   "access plus 1 hour"
    
        ExpiresByType application/json                      "access plus 0 seconds"
        ExpiresByType application/ld+json                   "access plus 0 seconds"
        ExpiresByType application/schema+json               "access plus 0 seconds"
        ExpiresByType application/vnd.geo+json              "access plus 0 seconds"
        ExpiresByType application/xml                       "access plus 0 seconds"
        ExpiresByType text/xml                              "access plus 0 seconds"
    
      # Favicon (cannot be renamed!) and cursor images
        ExpiresByType image/vnd.microsoft.icon              "access plus 1 week"
        ExpiresByType image/x-icon                          "access plus 1 week"
    
      # HTML - No Caching
        ExpiresByType text/html                             "access plus 0 seconds"
    
      # JavaScript
        ExpiresByType application/javascript                "access plus 1 year"
        ExpiresByType application/x-javascript              "access plus 1 year"
        ExpiresByType text/javascript                       "access plus 1 year"
    
      # Manifest files
        ExpiresByType application/manifest+json             "access plus 1 week"
        ExpiresByType application/x-web-app-manifest+json   "access plus 0 seconds"
        ExpiresByType text/cache-manifest                   "access plus 0 seconds"
        
    # Update 2020: Google recommendation: cache duration increased to 1 year
    # @see: https://web.dev/uses-long-cache-ttl/    
    
      # Media files
        ExpiresByType audio/ogg                             "access plus 1 year"
        ExpiresByType image/bmp                             "access plus 1 year"
        ExpiresByType image/gif                             "access plus 1 year"
        ExpiresByType image/jpeg                            "access plus 1 year"
        ExpiresByType image/png                             "access plus 1 year"
        ExpiresByType image/svg+xml                         "access plus 1 year"
        ExpiresByType image/webp                            "access plus 1 year"
        ExpiresByType video/mp4                             "access plus 1 year"
        ExpiresByType video/ogg                             "access plus 1 year"
        ExpiresByType video/webm                            "access plus 1 year"
    
      # Web fonts
    
        # Embedded OpenType (EOT)
        ExpiresByType application/vnd.ms-fontobject         "access plus 1 year"
        ExpiresByType font/eot                              "access plus 1 year"
    
        # OpenType
        ExpiresByType font/opentype                         "access plus 1 year"
    
        # TrueType
        ExpiresByType application/x-font-ttf                "access plus 1 year"
    
        # Web Open Font Format (WOFF) 1.0
        ExpiresByType application/font-woff                 "access plus 1 year"
        ExpiresByType application/x-font-woff               "access plus 1 year"
        ExpiresByType font/woff                             "access plus 1 year"
    
        # Web Open Font Format (WOFF) 2.0
        ExpiresByType application/font-woff2                "access plus 1 year"
    
      # Other
        ExpiresByType text/x-cross-domain-policy            "access plus 1 week"
    </IfModule>
    
    <IfModule mod_deflate.c>
    # Insert filters / compress text, html, javascript, css, xml:
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE text/vtt 
    AddOutputFilterByType DEFLATE text/x-component
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/js
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/x-javascript
    AddOutputFilterByType DEFLATE application/x-httpd-php
    AddOutputFilterByType DEFLATE application/x-httpd-fastphp
    AddOutputFilterByType DEFLATE application/atom+xml 
    AddOutputFilterByType DEFLATE application/json
    AddOutputFilterByType DEFLATE application/ld+json 
    AddOutputFilterByType DEFLATE application/vnd.ms-fontobject 
    AddOutputFilterByType DEFLATE application/x-font-ttf
    AddOutputFilterByType DEFLATE application/font-woff2
    AddOutputFilterByType DEFLATE application/x-font-woff
    AddOutputFilterByType DEFLATE application/x-web-app-manifest+json font/woff
    AddOutputFilterByType DEFLATE font/woff 
    AddOutputFilterByType DEFLATE font/opentype
    AddOutputFilterByType DEFLATE image/svg+xml
    AddOutputFilterByType DEFLATE image/x-icon 
    
    # Exception: Images
    SetEnvIfNoCase REQUEST_URI \.(?:gif|jpg|jpeg|png|svg)$ no-gzip dont-vary
    
    # Drop problematic browsers
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
    
    # Make sure proxies don't deliver the wrong content
    Header append Vary User-Agent env=!dont-vary
    </IfModule>
    
    #Alternative caching using Apache's "mod_headers", if it's installed.
    #Caching of common files - ENABLED
    <IfModule mod_headers.c>
    <FilesMatch "\.(ico|pdf|flv|swf|js|css|gif|png|jpg|jpeg|txt|woff2|woff)$">
    Header set Cache-Control "max-age=31536000, public"
    </FilesMatch>
    </IfModule>
    
    <IfModule mod_headers.c>
      <FilesMatch "\.(js|css|xml|gz)$">
        Header append Vary Accept-Encoding
      </FilesMatch>
    </IfModule>
    
    # Set Keep Alive Header
    <IfModule mod_headers.c>
        Header set Connection keep-alive
    </IfModule>
    
    # If your server don't support ETags deactivate with "None" (and remove header)
    <IfModule mod_expires.c> 
      <IfModule mod_headers.c> 
        Header unset ETag 
      </IfModule> 
      FileETag None 
    </IfModule>
    
    <IfModule mod_headers.c>
    <FilesMatch ".(js|css|xml|gz|html|woff|woff2|ttf)$">
    Header append Vary: Accept-Encoding
    </FilesMatch>
    </IfModule>
    
    # ----------------------------------------------------------------------
    # | 7G Firewall for Security - Do not change this part @Update 2020
    # ----------------------------------------------------------------------
    # 7G FIREWALL v1.3 20200903
    # @ https://perishablepress.com/7g-firewall/
    
    # 7G:[CORE]
    ServerSignature Off
    Options -Indexes
    RewriteEngine On
    RewriteBase /
    
    # 7G:[QUERY STRING]
    <IfModule mod_rewrite.c>
    	RewriteCond %{QUERY_STRING} ([a-z0-9]{2000,}) [NC,OR]
    	RewriteCond %{QUERY_STRING} (/|%2f)(:|%3a)(/|%2f) [NC,OR]
    	RewriteCond %{QUERY_STRING} (/|%2f)(\*|%2a)(\*|%2a)(/|%2f) [NC,OR]
    	RewriteCond %{QUERY_STRING} (''|<|>|\^|\|\\|0x00|%00|%0d%0a) [NC,OR]
    	RewriteCond %{QUERY_STRING} (cmd|command)(=|%3d)(chdir|mkdir)(.*)(x20) [NC,OR]
    	RewriteCond %{QUERY_STRING} (ckfinder|fullclick|ckfinder|fckeditor) [NC,OR]
    	RewriteCond %{QUERY_STRING} (globals|mosconfig([a-z_]{1,22})|request)(=|\[) [NC,OR]
    	RewriteCond %{QUERY_STRING} (/|%2f)((wp-)?config)((\.|%2e)inc)?((\.|%2e)php) [NC,OR]
    	RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumbs?)?)((\.|%2e)php) [NC,OR]
    	RewriteCond %{QUERY_STRING} (absolute_|base|root_)(dir|path)(=|%3d)(ftp|https?) [NC,OR]
    	RewriteCond %{QUERY_STRING} (localhost|loopback|127(\.|%2e)0(\.|%2e)0(\.|%2e)1) [NC,OR]
    	RewriteCond %{QUERY_STRING} (s)?(ftp|inurl|php)(s)?(:(/|%2f|%u2215)(/|%2f|%u2215)) [NC,OR]
    	RewriteCond %{QUERY_STRING} (\.|20)(get|the)(_|%5f)(permalink|posts_page_url)(\(|%28) [NC,OR]
    	RewriteCond %{QUERY_STRING} ((boot|win)((\.|%2e)ini)|etc(/|%2f)passwd|self(/|%2f)environ) [NC,OR]
    	RewriteCond %{QUERY_STRING} (((/|%2f){3,3})|((\.|%2e){3,3})|((\.|%2e){2,2})(/|%2f|%u2215)) [NC,OR]
    	RewriteCond %{QUERY_STRING} (benchmark|char|exec|fopen|function|html)(.*)(\(|%28)(.*)(\)|%29) [NC,OR]
    	RewriteCond %{QUERY_STRING} (php)([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}) [NC,OR]
    	RewriteCond %{QUERY_STRING} (e|%65|%45)(v|%76|%56)(a|%61|%31)(l|%6c|%4c)(.*)(\(|%28)(.*)(\)|%29) [NC,OR]
    	RewriteCond %{QUERY_STRING} (/|%2f)(=|%3d|$&|_mm|cgi(\.|-)|inurl(:|%3a)(/|%2f)|(mod|path)(=|%3d)(\.|%2e)) [NC,OR]
    	RewriteCond %{QUERY_STRING} (<|%3c)(.*)(e|%65|%45)(m|%6d|%4d)(b|%62|%42)(e|%65|%45)(d|%64|%44)(.*)(>|%3e) [NC,OR]
    	RewriteCond %{QUERY_STRING} (<|%3c)(.*)(i|%69|%49)(f|%66|%46)(r|%72|%52)(a|%61|%41)(m|%6d|%4d)(e|%65|%45)(.*)(>|%3e) [NC,OR]
    	RewriteCond %{QUERY_STRING} (<|%3c)(.*)(o|%4f|%6f)(b|%62|%42)(j|%4a|%6a)(e|%65|%45)(c|%63|%43)(t|%74|%54)(.*)(>|%3e) [NC,OR]
    	RewriteCond %{QUERY_STRING} (<|%3c)(.*)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(.*)(>|%3e) [NC,OR]
    	RewriteCond %{QUERY_STRING} (\+|%2b|%20)(d|%64|%44)(e|%65|%45)(l|%6c|%4c)(e|%65|%45)(t|%74|%54)(e|%65|%45)(\+|%2b|%20) [NC,OR]
    	RewriteCond %{QUERY_STRING} (\+|%2b|%20)(i|%69|%49)(n|%6e|%4e)(s|%73|%53)(e|%65|%45)(r|%72|%52)(t|%74|%54)(\+|%2b|%20) [NC,OR]
    	RewriteCond %{QUERY_STRING} (\+|%2b|%20)(s|%73|%53)(e|%65|%45)(l|%6c|%4c)(e|%65|%45)(c|%63|%43)(t|%74|%54)(\+|%2b|%20) [NC,OR]
    	RewriteCond %{QUERY_STRING} (\+|%2b|%20)(u|%75|%55)(p|%70|%50)(d|%64|%44)(a|%61|%41)(t|%74|%54)(e|%65|%45)(\+|%2b|%20) [NC,OR]
    	RewriteCond %{QUERY_STRING} (\\x00|(\"|%22|\'|%27)?0(\"|%22|\'|%27)?(=|%3d)(\"|%22|\'|%27)?0|cast(\(|%28)0x|or%201(=|%3d)1) [NC,OR]
    	RewriteCond %{QUERY_STRING} (g|%67|%47)(l|%6c|%4c)(o|%6f|%4f)(b|%62|%42)(a|%61|%41)(l|%6c|%4c)(s|%73|%53)(=|[|%[0-9A-Z]{0,2}) [NC,OR]
    	RewriteCond %{QUERY_STRING} (_|%5f)(r|%72|%52)(e|%65|%45)(q|%71|%51)(u|%75|%55)(e|%65|%45)(s|%73|%53)(t|%74|%54)(=|[|%[0-9A-Z]{2,}) [NC,OR]
    	RewriteCond %{QUERY_STRING} (j|%6a|%4a)(a|%61|%41)(v|%76|%56)(a|%61|%31)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(:|%3a)(.*)(;|%3b|\)|%29) [NC,OR]
    	RewriteCond %{QUERY_STRING} (b|%62|%42)(a|%61|%41)(s|%73|%53)(e|%65|%45)(6|%36)(4|%34)(_|%5f)(e|%65|%45|d|%64|%44)(e|%65|%45|n|%6e|%4e)(c|%63|%43)(o|%6f|%4f)(d|%64|%44)(e|%65|%45)(.*)(\()(.*)(\)) [NC,OR]
    	RewriteCond %{QUERY_STRING} (@copy|\$_(files|get|post)|allow_url_(fopen|include)|auto_prepend_file|blexbot|browsersploit|(c99|php)shell|curl(_exec|test)|disable_functions?|document_root|elastix|encodeuricom|exploit|fclose|fgets|file_put_contents|fputs|fsbuff|fsockopen|gethostbyname|grablogin|hmei7|input_file|null|open_basedir|outfile|passthru|phpinfo|popen|proc_open|quickbrute|remoteview|root_path|safe_mode|shell_exec|site((.){0,2})copier|sux0r|trojan|user_func_array|wget|xertive) [NC,OR]
    	RewriteCond %{QUERY_STRING} (;|<|>|\'|\"|\)|%0a|%0d|%22|%27|%3c|%3e|%00)(.*)(/\*|alter|base64|benchmark|cast|char|concat|convert|create|encode|declare|delete|drop|insert|md5|order|request|script|select|set|union|update) [NC,OR]
    	RewriteCond %{QUERY_STRING} ((\+|%2b)(concat|delete|get|select|union)(\+|%2b)) [NC,OR]
    	RewriteCond %{QUERY_STRING} (union)(.*)(select)(.*)(\(|%28) [NC,OR]
    	RewriteCond %{QUERY_STRING} (concat)(.*)(\(|%28) [NC]
    	RewriteRule .* - [F,L]
    	# RewriteRule .* /7G_log.php?log [END,NE,E=7G_QUERY_STRING:%1___%2___%3]
    </IfModule>
    
    # 7G:[REQUEST URI]
    <IfModule mod_rewrite.c>
    	RewriteCond %{REQUEST_URI} ([a-z0-9]{2000,}) [NC,OR]
    	RewriteCond %{REQUEST_URI} (=?\\(\'|%27)/?)(\.) [NC,OR]
    	RewriteCond %{REQUEST_URI} (\^|''|<|>|%|\\|\{|\}|\|) [NC,OR]
    	RewriteCond %{REQUEST_URI} (/)(\*|\"|\'|\.|,|&|&?)/?$ [NC,OR]
    	RewriteCond %{REQUEST_URI} (\.)(php)(\()?([0-9]+)(\))?(/)?$ [NC,OR]
    	RewriteCond %{REQUEST_URI} (/)(vbulletin|boards|vbforum)(/)? [NC,OR]
    	RewriteCond %{REQUEST_URI} (\.(s?ftp-?)config|(s?ftp-?)config\.) [NC,OR]
    	RewriteCond %{REQUEST_URI} (\{0\}|\"?0\"?=\"?0|\(/\(|\.\.\.|\+\+\+|\\\") [NC,OR]
    	RewriteCond %{REQUEST_URI} (thumbs?(_editor|open)?|tim(thumbs?)?)(\.php) [NC,OR]
    	RewriteCond %{REQUEST_URI} (/)(fck|ckfinder|fullclick|ckfinder|fckeditor) [NC,OR]
    	RewriteCond %{REQUEST_URI} (\.|20)(get|the)(_)(permalink|posts_page_url)(\() [NC,OR]
    	RewriteCond %{REQUEST_URI} (///|\?\?|/&&|/\*(.*)\*/|/:/|\\\\|0x00|%00|%0d%0a) [NC,OR]
    	RewriteCond %{REQUEST_URI} (/%7e)(root|ftp|bin|nobody|named|guest|logs|sshd)(/) [NC,OR]
    	RewriteCond %{REQUEST_URI} (/)(etc|var)(/)(hidden|secret|shadow|ninja|passwd|tmp)(/)?$ [NC,OR]
    	RewriteCond %{REQUEST_URI} (s)?(ftp|http|inurl|php)(s)?(:(/|%2f|%u2215)(/|%2f|%u2215)) [NC,OR]
    	RewriteCond %{REQUEST_URI} (/)(=|\$&?|&?(pws|rk)=0|_mm|_vti_|cgi(\.|-)?|(=|/|;|,)nt\.) [NC,OR]
    	RewriteCond %{REQUEST_URI} (\.)(ds_store|htaccess|htpasswd|init?|mysql-select-db)(/)?$ [NC,OR]
    	RewriteCond %{REQUEST_URI} (/)(bin)(/)(cc|chmod|chsh|cpp|echo|id|kill|mail|nasm|perl|ping|ps|python|tclsh)(/)?$ [NC,OR]
    	RewriteCond %{REQUEST_URI} (/)(::[0-9999]|%3a%3a[0-9999]|127\.0\.0\.1|localhost|loopback|makefile|pingserver|wwwroot)(/)? [NC,OR]
    	RewriteCond %{REQUEST_URI} (\(null\)|\{\$itemURL\}|cAsT\(0x|echo(.*)kae|etc/passwd|eval\(|self/environ|\+union\+all\+select) [NC,OR]
    	RewriteCond %{REQUEST_URI} (/)(awstats|(c99|php|web)shell|document_root|error_log|listinfo|muieblack|remoteview|site((.){0,2})copier|sqlpatch|sux0r) [NC,OR]
    	RewriteCond %{REQUEST_URI} (/)((php|web)?shell|crossdomain|fileditor|locus7|nstview|php(get|remoteview|writer)|r57|remview|sshphp|storm7|webadmin)(.*)(\.|\() [NC,OR]
    	RewriteCond %{REQUEST_URI} (/)(author-panel|bitrix|class|database|(db|mysql)-?admin|filemanager|htdocs|httpdocs|https?|mailman|mailto|msoffice|mysql|_?php-?my-?admin(.*)|tmp|undefined|usage|var|vhosts|webmaster|www)(/) [NC,OR]
    	RewriteCond %{REQUEST_URI} (\.)(7z|ab4|afm|aspx?|bash|ba?k?|bz2|cfg|cfml?|cgi|ctl|dat|db|dll|eml|et2|exe|fec|fla|hg|inc|ini|inv|jsp|log|lqd|mbf|mdb|mmw|mny|old|one|out|passwd|pdb|pl|psd|pst|ptdb|pwd|py|qbb|qdf|rar|rdf|sdb|sql|sh|soa|swf|swl|swp|stx|tar|tax|tgz|tls|tmd|wow|zlib)$ [NC,OR]
    	RewriteCond %{REQUEST_URI} (base64_(en|de)code|benchmark|child_terminate|curl_exec|e?chr|eval|function|fwrite|(f|p)open|html|leak|passthru|p?fsockopen|phpinfo|posix_(kill|mkfifo|setpgid|setsid|setuid)|proc_(close|get_status|nice|open|terminate)|(shell_)?exec|system)(.*)(\()(.*)(\)) [NC,OR]
    	RewriteCond %{REQUEST_URI} (/)(^$|00.temp00|0day|3xp|70bex?|admin_events|bkht|(php|web)?shell|configbak|curltest|db|dompdf|filenetworks|hmei7|index\.php/index\.php/index|jahat|kcrew|keywordspy|mobiquo|mysql|nessus|php-?info|racrew|sql|vuln|webconfig|(wp-)?conf(ig)?(uration)?|xertive)(\.php) [NC]
    	RewriteRule .* - [F,L]
    	# RewriteRule .* /7G_log.php?log [END,NE,E=7G_REQUEST_URI:%1___%2___%3]
    </IfModule>
    
    # 7G:[USER AGENT]
    <IfModule mod_rewrite.c>
    	RewriteCond %{HTTP_USER_AGENT} ([a-z0-9]{2000,}) [NC,OR]
    	RewriteCond %{HTTP_USER_AGENT} (<|%0a|%0d|%27|%3c|%3e|%00|0x00) [NC,OR]
    	RewriteCond %{HTTP_USER_AGENT} ((c99|php|web)shell|remoteview|site((.){0,2})copier) [NC,OR]
    	RewriteCond %{HTTP_USER_AGENT} (base64_decode|bin/bash|disconnect|eval|lwp-download|unserialize|\\\x22) [NC,OR]
    	RewriteCond %{HTTP_USER_AGENT} (360Spider|acapbot|acoonbot|ahrefs|alexibot|asterias|attackbot|backdorbot|becomebot|binlar|blackwidow|blekkobot|blexbot|blowfish|bullseye|bunnys|butterfly|careerbot|casper|checkpriv|cheesebot|cherrypick|chinaclaw|choppy|clshttp|cmsworld|copernic|copyrightcheck|cosmos|crescent|cy_cho|datacha|demon|diavol|discobot|dittospyder|dotbot|dotnetdotcom|dumbot|emailcollector|emailsiphon|emailwolf|exabot|extract|eyenetie|feedfinder|flaming|flashget|flicky|foobot|g00g1e|getright|gigabot|go-ahead-got|gozilla|grabnet|grafula|harvest|heritrix|httrack|icarus6j|jetbot|jetcar|jikespider|kmccrew|leechftp|libweb|linkextractor|linkscan|linkwalker|loader|masscan|miner|majestic|mechanize|mj12bot|morfeus|moveoverbot|netmechanic|netspider|nicerspro|nikto|ninja|nutch|octopus|pagegrabber|planetwork|postrank|proximic|purebot|pycurl|python|queryn|queryseeker|radian6|radiation|realdownload|rogerbot|scooter|seekerspider|semalt|siclab|sindice|sistrix|sitebot|siteexplorer|sitesnagger|skygrid|smartdownload|snoopy|sosospider|spankbot|spbot|sqlmap|stackrambler|stripper|sucker|surftbot|sux0r|suzukacz|suzuran|takeout|teleport|telesoft|true_robots|turingos|turnit|vampire|vikspider|voideye|webleacher|webreaper|webstripper|webvac|webviewer|webwhacker|winhttp|wwwoffle|woxbot|xaldon|xxxyy|yamanalab|yioopbot|youda|zeus|zmeu|zune|zyborg) [NC]
    	RewriteRule .* - [F,L]
    	# RewriteRule .* /7G_log.php?log [END,NE,E=7G_USER_AGENT:%1]
    </IfModule>
    
    # 7G:[REMOTE HOST]
    <IfModule mod_rewrite.c>
    	RewriteCond %{REMOTE_HOST} (163data|amazonaws|colocrossing|crimea|g00g1e|justhost|kanagawa|loopia|masterhost|onlinehome|poneytel|sprintdatacenter|reverse.softlayer|safenet|ttnet|woodpecker|wowrack) [NC]
    	RewriteRule .* - [F,L]
    	# RewriteRule .* /7G_log.php?log [END,NE,E=7G_REMOTE_HOST:%1]
    </IfModule>
    
    # 7G:[HTTP REFERRER]
    <IfModule mod_rewrite.c>
    	RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC,OR]
    	RewriteCond %{HTTP_REFERER} (ambien|blue\spill|cocaine|ejaculat|erectile|erections|hoodia|huronriveracres|impotence|levitra|libido|lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby|ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo) [NC]
    	RewriteRule .* - [F,L]
    	# RewriteRule .* /7G_log.php?log [END,NE,E=7G_HTTP_REFERRER:%1]
    </IfModule>
    
    # 7G:[REQUEST METHOD]
    <IfModule mod_rewrite.c>
    	RewriteCond %{REQUEST_METHOD} ^(connect|debug|move|trace|track) [NC]
    	RewriteRule .* - [F,L]
    	# RewriteRule .* /7G_log.php?log [END,NE,E=7G_REQUEST_METHOD:%1]
    </IfModule>
    
    #################################################################
    # 7G Addon: Stop Aggressive Scanning for Uploads-Related Targets
    # https://perishablepress.com/stop-aggressive-scanning-uploads/
    #################################################################
    
    <IfModule mod_rewrite.c>
    
    	# RewriteCond %{REQUEST_URI} /php(unit)?/ [NC,OR]
    	# RewriteCond %{REQUEST_URI} \.(aspx?|env|git(ignore)?|phtml|rar|well-known) [NC,OR]
    	# RewriteCond %{REQUEST_URI} /(cms|control_panel|dashboard|home_url=|lr-admin|manager|panel|staff|webadmin) [NC,OR]
    	# RewriteCond %{REQUEST_URI} /(adm(in)?|blog|cache|checkout|controlpanel|ecommerce|export|magento(-1|web)?|market(place)?|mg|onli(n|k)e|orders?|shop|tmplconnector|uxm|web?store)/ [NC,OR]
    	
    	RewriteCond %{REQUEST_URI} (_timthumb_|timthumb.php) [NC,OR]
    	RewriteCond %{REQUEST_URI} /(install|wp-config|xmlrpc)\.php [NC,OR]
    	RewriteCond %{REQUEST_URI} /(uploadify|uploadbg|up__uzegp)\.php [NC,OR]
    	RewriteCond %{REQUEST_URI} /(comm\.js|mysql-date-function|simplebootadmin|vuln\.htm|www\.root\.) [NC,OR]
    	RewriteCond %{REQUEST_URI} /(admin-uploadify|fileupload|jquery-file-upload|upload_file|upload|uploadify|webforms)/ [NC,OR]
    	RewriteCond %{REQUEST_URI} /(ajax_pluginconf|apikey|connector(.minimal)?|eval-stdin|f0x|login|router|setup-config|sssp|vuln|xattacker)\.php [NC]
    	
    	RewriteRule .* - [F,L]
    	
    </IfModule>
    
    # ----------------------------------------------------------------------
    #   Block WordPress files from outside access
    # ----------------------------------------------------------------------	
    
    # No access to the install.php
    <files install.php>
    Order allow,deny
    Deny from all
    </files>
     
    # No access to the wp-config.php 
    <files wp-config.php>
    Order allow,deny
    Deny from all
    </files>
     
    # No access to the readme.html
    <files readme.html>
     Order Allow,Deny
     Deny from all
     Satisfy all
    </Files>
     
    # No access to the liesmich.html for DE Edition
    <Files liesmich.html>
     Order Allow,Deny
     Deny from all
     Satisfy all
    </Files>
     
    # No error log access 
    <files error_log>
    Order allow,deny
    Deny from all
    </files>
    
    #No access to the .htaccess and .htpasswd
    <FilesMatch "(\.htaccess|\.htpasswd)">
      Order deny,allow
      Deny from all
    </FilesMatch>
    
    # Block access to includes folder
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^wp-admin/includes/ - [F,L]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
    </IfModule>
    
    # ----------------------------------------------------------------------
    # | Blocking the »ReallyLongRequest« Bandit - New in 2018  
    #   https://perishablepress.com/blocking-reallylongrequest-bandit/
    # ----------------------------------------------------------------------
    
    <IfModule mod_rewrite.c>
        RewriteCond %{REQUEST_METHOD} .* [NC]
        RewriteCond %{THE_REQUEST}  (YesThisIsAReallyLongRequest|ScanningForResearchPurpose) [NC,OR]
        RewriteCond %{QUERY_STRING} (YesThisIsAReallyLongRequest|ScanningForResearchPurpose) [NC]
        RewriteRule .* - [F,L]
    </IfModule>
    
    # --------------------------------------------------------------------------------------------
    #   Ultimate hotlink protection - IMPORTANT: Change »?domain\« in line 361 to your domain name
    #   Example: ?andreas-hecht\ ### if you do not use https, change https in line 361 to http
    # --------------------------------------------------------------------------------------------
    
    <IfModule mod_rewrite.c>
     RewriteEngine on
     RewriteCond %{HTTP_REFERER}     !^$
     RewriteCond %{REQUEST_FILENAME} -f
      RewriteCond %{HTTP_REFERER}     !^https?://([^.]+\.)?foto.bildermann\. [NC]
     RewriteRule \.(gif|jpe?g?|png)$                             - [F,NC,L]
    </ifModule>
    
    # ----------------------------------------------------------------------
    #   Protect your WordPress Login with HTTP Authentification
    # ----------------------------------------------------------------------
    
    # If you want to use it, comment it out and set your path to .htpasswd
    #<Files wp-login.php>
    #AuthName "Admin-Bereich"
    #AuthType Basic
    #AuthUserFile /usr/local/www/apache24/your-path/your-domain.com/.htpasswd 
    #require valid-user
    #</Files>
    
    # ----------------------------------------------------------------------
    #   Switch off the security risk XML-RPC interface completely
    # ----------------------------------------------------------------------
    
    ### @see https://digwp.com/2009/06/xmlrpc-php-security/
    
    <Files xmlrpc.php>
     Order Deny,Allow
     Deny from all
    </Files>
    
    # -----------------------------------------------------------------------------
    #  HTTP SECURITY HEADER | Test on: https://securityheaders.com | UPDATE 2020
    # -----------------------------------------------------------------------------
    
    ### @see https://scotthelme.co.uk/hardening-your-http-response-headers
    ### UPDATE 2020
    
    ## No-Referrer-Header
    <IfModule mod_headers.c>
        Header set Referrer-Policy "no-referrer"
    </IfModule>
    
    ## Strict Origin when cross origin Header
    #@see https://scotthelme.co.uk/a-new-security-header-referrer-policy/
    <IfModule mod_headers.c>
    Header set Referrer-Policy "strict-origin-when-cross-origin"
    </IfModule>
    
    ## X-FRAME-OPTIONS-Header
    <IfModule mod_headers.c>
        Header set X-Frame-Options "sameorigin"
    </IfModule>
    
    ## X-XSS-PROTECTION-Header
    <IfModule mod_headers.c>
        Header set X-XSS-Protection "1; mode=block"
    </IfModule>
    
    ## X-Content-Type-Options-Header
    <IfModule mod_headers.c>
        Header set X-Content-Type-Options "nosniff"
    </IfModule>
    
    ## Strict-Transport-Security-Header - for HTTPS
    <IfModule mod_headers.c>
       Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    </IfModule>
    
    ## Prevents mis-issued certificates for this website from being used unnoticed. (Experimental)
    ## @see https://tools.ietf.org/html/draft-ietf-httpbis-expect-ct-02
    <IfModule mod_headers.c>
       Header set Expect-CT "enforce, max-age=21600"	
    </IfModule>
    
    # ----------------------------------------------------------------------
    # The original WordPress Rewrite Rules - Do not change anything here,
    # unless you are using a WordPress Multisite
    # ----------------------------------------------------------------------
    
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress
    

    I had not expected the files to be so long and first had to format them a little. I hope nothing got mixed up in the process, but apart from the file name the files appear to be identical.

    Essentially, these are entries from the cache plugin and the security plugin that you use. I would assume that the security plugin's entries are too restrictive.

    To get the website running again at all, I would rename the .htaccess to no.htaccess and rename the directory of the plugin with the “7G Firewall for Security” in the wp-content/plugins directory. You should then be able to get into the backend again, and there, under Settings > Permalinks, you can first create a new .htaccess with the necessary permalink settings. After that I would reinstall and set up the cache plugin and finally (provided you want to keep using this security plugin) reinstall the 7G Firewall for Security plugin and choose the settings with great care.

    I am a little short of time to go through the rules in the .htaccess one by one; that is over 600 lines of code, after all.

    One more note: I don't know this security plugin, but it is quite possible that changes were also made to wp-config.php. If you cannot get into the backend after renaming the .htaccess, you should check that as well.
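
An added example, not part of the thread or of any plugin's code: with more than 600 lines to review, a short script can list only the active directives that can answer with 403 or otherwise affect access, together with their line numbers and enclosing section. The sample input is constructed in the style of the file posted above; the function name and the finding labels are this example's own.

```python
import re

# Constructed sample in the style of the .htaccess posted in this thread.
SAMPLE_HTACCESS = r"""<IfModule mod_rewrite.c>
    RewriteRule .* - [F,L]
</IfModule>
#<Files wp-login.php>
#</Files>
<Files xmlrpc.php>
 Order Deny,Allow
 Deny from all
</Files>
<IfModule mod_headers.c>
    Header set Referrer-Policy "no-referrer"
    Header set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>
RewriteRule ^index\.php$ - [L]
"""

OPEN = re.compile(r"<\s*(\w+)\s*([^>]*)>")      # <Files xmlrpc.php>, <IfModule ...>
CLOSE = re.compile(r"</\s*\w+\s*>")
FLAGS = re.compile(r"\[([^\]]*)\]\s*$")         # trailing [F,L] flag list

def triage(text):
    """Return (line_no, kind, enclosing_section, directive) for active access rules."""
    findings, stack, headers = [], [], {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                              # commented-out rules are inactive
        if CLOSE.fullmatch(line):
            stack = stack[:-1]
            continue
        if m := OPEN.fullmatch(line):
            stack.append(" ".join(m.groups()).strip())
            continue
        ctx, low = " > ".join(stack) or "(top level)", line.lower()
        if low.startswith("rewriterule"):
            m = FLAGS.search(line)
            flags = m.group(1).upper().replace(" ", "").split(",") if m else []
            if "F" in flags or "FORBIDDEN" in flags or "R=403" in flags:
                findings.append((no, "rewrite-403", ctx, line))
        elif re.match(r"(deny\s+from\s+all|require\s+all\s+denied)\b", low):
            findings.append((no, "access-deny", ctx, line))
        elif re.match(r"(order|allow\s+from)\b", low):  # 2.2 syntax; 2.4 needs mod_access_compat
            findings.append((no, "legacy-2.2-syntax", ctx, line))
        elif m := re.match(r"header\s+(?:always\s+)?set\s+(\S+)", low):
            if m.group(1) in headers:             # a later "set" replaces the earlier one
                findings.append((no, "header-redefined", ctx, line))
            headers[m.group(1)] = no
    return findings
```

Running `triage()` over the real file gives a short list of candidate lines to disable one at a time, instead of renaming the whole .htaccess.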

    Thread starter Karl

    (@zittau)

    @pixolin

    Many thanks.

    I would assume that the security plugin's entries are too restrictive.

    Until recently the website and logging in to the backend worked flawlessly. I also use exactly this .htaccess for three other WP websites without problems.

    and finally (provided you want to keep using this security plugin) reinstall the 7G Firewall for Security plugin

    I don't use a plugin “Plugin 7G Firewall for Security”, but “NinjaFirewall (WP Edition)”. However, I can no longer find NinjaFirewall in the plugin folder, which is a mystery to me!

    Why not ask your web host?
    It is quite possible that, on the one hand, they use their own firewall plugin; on the other hand, I also know of cases where web hosts have removed plugins because they put too much load on the server or had security vulnerabilities.

    For reasons of my own, I don't use any security plugins at all. Perhaps Hans-Gerd can give you a tip on Ninja Firewall. As far as I know, @hage uses the plugin himself.

    Thread starter Karl

    (@zittau)

    @pixolin

    Thanks for the tip. I will call “all-inkl”.

    I have just removed everything from the .htaccess except for the bare essentials, which are:

    # ----------------------------------------------------------------------
    # The original WordPress Rewrite Rules - Do not change anything here,
    # unless you are using a WordPress Multisite
    # ----------------------------------------------------------------------

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress

    The error persists …

    Thread starter Karl

    (@zittau)

    Perhaps Hans-Gerd can give you a tip on Ninja Firewall.

    This evening Marc Nilius is giving a talk on Ninja Firewall at WP Meetup Dresden. I will ask him about it …

    Please share the contents of wp-config.php.
    Before submitting, please delete the database credentials and the SALT keys.

    Unfortunately we still don't have a link to the website …

    Have you checked whether the database tables still exist?

    Hello @zittau,
    I can't imagine that the problem was caused by the NinjaFirewall plugin. It does indeed sound more like an error in wp-config.php. So it would indeed be good if you posted the contents of the file here (without the database credentials and SALT keys). Also have a look via phpMyAdmin to check whether the database still exists with all the necessary tables.
    Best regards
    Hans-Gerd
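
The two requests above to strip the database credentials and SALT keys from wp-config.php before posting can be done mechanically and then verified. This is an added example, not part of the thread; the placeholder text, the function names and the choice to leave `DB_HOST` visible are assumptions of the example, and the sample file is constructed.

```python
import re

# Constants to blank before posting: the database credentials and the eight
# keys/salts. DB_HOST is left in (an assumption of this example).
SECRET_NAMES = {
    "DB_NAME", "DB_USER", "DB_PASSWORD",
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
}

# define('NAME', 'value') with either quote style, optional spaces, escaped quotes.
DEFINE = re.compile(
    r"""(?P<head>define\s*\(\s*(?P<nq>['"])(?P<name>\w+)(?P=nq)\s*,\s*)
        (?P<vq>['"])(?P<val>(?:\\.|(?!(?P=vq)).)*)(?P=vq)""",
    re.VERBOSE,
)

def redact(text, placeholder="REDACTED"):
    """Replace the value of every secret constant; leave everything else untouched."""
    def repl(m):
        if m.group("name") in SECRET_NAMES:
            return f"{m.group('head')}'{placeholder}'"
        return m.group(0)
    return DEFINE.sub(repl, text)

def unredacted(text, placeholder="REDACTED"):
    """Names of secret constants that still carry a real value (check before posting)."""
    return [m.group("name") for m in DEFINE.finditer(text)
            if m.group("name") in SECRET_NAMES and m.group("val") != placeholder]

# Constructed sample; none of these values come from the thread.
SAMPLE_CONFIG = r"""<?php
define( 'WP_CACHE', true );
define('DB_NAME', 'example_db');
define( "DB_PASSWORD" , "p@ss'w\"ord" );
define('DB_HOST', 'localhost');
define('AUTH_KEY',         'k3y with \' and ); inside');
$table_prefix  = 'wp_';
"""
```

Posting only when `unredacted(redact(text))` returns an empty list catches constants the pattern could not parse as well as ones that were missed by hand.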

    Thread starter Karl

    (@zittau)

    Since I can't find any more time for this today, I have put a notice in the index.html as an interim measure and set up a redirect here from the affected subdomain to my main site.

    I will get back to you tomorrow (Tuesday) at the earliest.

    Thanks for the help with the tips,
    Karl


    … I have put a notice in the index.html as an interim measure and set up a redirect here from the affected subdomain …

    For a moment I held my breath because I thought you had redirected “to here”. “My website is broken, support will explain the details …” 😀

    Let's see whether we can help you further tomorrow.

    Thread starter Karl

    (@zittau)

    Hello,

    now, while troubleshooting, I have managed to produce a nice “500 Internal Server Error” and no longer really know how to proceed …

    Here is my wp-config.php

    <?php
    define( 'WP_CACHE', true );
    /**
     * The base configurations of the WordPress.
     *
     * This file has the following configurations: MySQL settings, Table Prefix,
     * Secret Keys, WordPress Language, and ABSPATH. You can find more information by
     * visiting {@link http://codex.wordpress.org/Editing_wp-config.php Editing
     * wp-config.php} Codex page. You can get the MySQL settings from your web host.
     *
     * This file is used by the wp-config.php creation script during the
     * installation. You don't have to use the web site, you can just copy this file
     * to "wp-config.php" and fill in the values.
     *
     * @package WordPress
     */
    // ** MySQL settings - You can get this info from your web host ** //
    /** The name of the database for WordPress */
    define('DB_NAME', 'geheim');
    
    /** MySQL database username */
    define('DB_USER', 'geheim');
    
    /** MySQL database password */
    define('DB_PASSWORD', 'geheim');
    
    /** MySQL hostname */
    define('DB_HOST', 'localhost');
    /** Database Charset to use in creating database tables. */
    define('DB_CHARSET', 'utf8');
    /** The Database Collate type. Don't change this if in doubt. */
    define('DB_COLLATE', '');
    /**#@+
     * Security keys
     *
     * Change each placeholder text below to an arbitrary,
     * preferably unique string.
     * On the page {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
     * you can have all keys generated for you.
     * You can change the keys again at any time; all logged-in
     * users will then have to log in again.
     *
     * @since 2.6.0
     */
    define('AUTH_KEY',         'geheim');
    define('SECURE_AUTH_KEY',  'geheim');
    define('LOGGED_IN_KEY',    'geheim');
    define('NONCE_KEY',        'geheim');
    define('AUTH_SALT',        'geheim');
    define('SECURE_AUTH_SALT', 'geheim');
    define('LOGGED_IN_SALT',   'geheim');
    define('NONCE_SALT',       'geheim');
    /**#@-*/
    /**
     * WordPress Database Table prefix.
     *
     * You can have multiple installations in one database if you give each a unique
     * prefix. Only numbers, letters, and underscores please!
     */
    $table_prefix  = 'wp_';
    /**
     * WordPress Localized Language, defaults to English.
     *
     * Change this to localize WordPress.  A corresponding MO file for the chosen
     * language must be installed to wp-content/languages. For example, install
     * de.mo to wp-content/languages and set WPLANG to 'de' to enable German
     * language support.
     */
    define ('WPLANG', 'de_DE');
    define ('FS_METHOD', 'direct');
    define('WP_DEBUG', false);
    /** //--- disable auto upgrade
    define( 'AUTOMATIC_UPDATER_DISABLED', true ); */
    /** To enable automatic updates for major versions or for development purposes, it is best to use the constant WP_AUTO_UPDATE_CORE. Three different ways of defining this constant allow different types of core updates to be enabled or disabled wholesale at once.
    - Value true - updates of development, minor and major versions are all enabled
    - Value false - updates of development, minor and major versions are all disabled
    - Value minor - updates of minor versions are enabled, while development and major versions are disabled
    Source: https://codex.wordpress.org/de:Automatische_Hintergrund_Updates_einstellen */
    define ('WP_AUTO_UPDATE_CORE', true);
    /* #######################################################################
    Inserted by me on 12.11.2017: switch off FILE EDITING in the dashboard
    ####################################################################### */
    define('DISALLOW_FILE_EDIT', true);
    
    /* That's all, stop editing! Happy blogging. */
    /** WordPress absolute path to the WordPress directory. */
    if ( !defined('ABSPATH') )
    	define('ABSPATH', dirname(__FILE__) . '/');
    /** Sets up WordPress vars and included files. */
    require_once(ABSPATH . 'wp-settings.php');

    And here is the subdomain: https://foto.bildermann.de/

  • The topic “Site and login blocked with ‘Forbidden’” is closed to new replies.