我使用这样的 .htaccess 规则来强化 wordpress 并重定向到 https:
# Block IPS for login
<Files "wp-login.php">
Require all denied
Require ip xxx.xx.xx.xx
Require ip xxx.xx.xx.xx
</Files>
#Protect wp-config
<Files "wp-config.php">
Require all denied
</Files>
# Prevent directory browsing
Options All -Indexes
# Protect htaccess
<FilesMatch "^.*\.([Hh][Tt][Aa])">
Require all denied
</FilesMatch>
# Block Includes
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php \ - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
# Block xmlrpc.php
<Files "xmlrpc.php">
Require all denied
</Files>
# Security related. Block browser access to log files
<Files ~ "\.log$">
Require all denied
</Files>
# Extra Security Headers
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
Header set X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options nosniff
</IfModule>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^domainname\.lt$ [NC]
RewriteRule ^(.*)$ https://www.domainname.com/$1 [R=301,L]
RewriteCond %{HTTPS} !^on$
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
WordPress 安装在主目录中。现在我们计划在子文件夹 (public_html/de) 中安装第二个 wordpres 博客。新安装将有自己的 .htaccess 文件。对于这个新的 wordpress 安装,我们是否需要相同的强化规则,或者在主文件夹中有强化规则就足够了?