出于安全考虑，更改.htaccess后无法登录WordPress站点

时间：2012-07-09 作者：Modular

这是原件。htaccess在我的本地计算机上

    # Block the include-only files.
    RewriteEngine On
    RewriteBase /
    RewriteRule ^wp-admin/includes/ - [F,L]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\\.php$ - [L]

    # uploaded files
    RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]

    # add a trailing slash to /wp-admin
    RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^ - [L]
    RewriteRule  ^[_0-9a-zA-Z-]+/(wp-(content|admin|includes).*) $1 [L]
    RewriteRule  ^[_0-9a-zA-Z-]+/(.*\\.php)$ $1 [L]
    RewriteRule . index.php [L]
    </IfModule>

    # END WordPress

这是服务器上联机站点的新设置。请帮帮我，因为我对这些一无所知。htaccess代码。为了让网站像在本地一样重新运行，但当然也包括保护良好的安全代码行，我必须去掉哪些部分，应该保留哪些部分？

    # Block the include-only files.
    RewriteEngine On
    RewriteBase /
    RewriteRule ^wp-admin/includes/ - [F,L]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]

    #disable hotlinking of images with forbidden or custom image option
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\\.)?yourdomain.com/.*$ [NC]
    #RewriteRule \\.(gif|jpg)$ – [F]
    RewriteRule \\.(gif|jpg)$ http://www.yourdomain.com/stealingisbad.gif [R,L]

    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} .wp-comments-post\\.php*
    RewriteCond %{HTTP_REFERER} !.*yourblog.com.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]

    # protect wpconfig.php
    <Files wp-config.php>
    order allow,deny
    deny from all
    </Files>

    # disable directory browsing
    Options All -Indexes

    <Files ~ “^.*\\.([Hh][Tt][Aa])”>
    order allow,deny
    deny from all
    satisfy all
    </Files>

    Order deny,allow
    Deny from all
    <Files ~ ".(xml|css|jpe?g|png|gif|js)$">
    Allow from all
    </Files>

    # Protect the .htaccess
    <files .htaccess="">
    order allow,deny
    deny from all
    </files>

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\\.php$ - [L]

    # uploaded files
    RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]

    # add a trailing slash to /wp-admin
    RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^ - [L]
    RewriteRule  ^[_0-9a-zA-Z-]+/(wp-(content|admin|includes).*) $1 [L]
    RewriteRule  ^[_0-9a-zA-Z-]+/(.*\\.php)$ $1 [L]
    RewriteRule . index.php [L]
    </IfModule>

    # END WordPress

3 个回复

SO网友:MickeyRoush

amtik在查看需要解决的代码时是正确的。

Order deny,allow
Deny from all
<Files ~ ".(xml|css|jpe?g|png|gif|js)$">
Allow from all
</Files>

该代码最初只设计用于wp include和wp内容，而不是安装在WordPress的根目录中，但即使这样，它仍然会破坏主题和插件。此外，最好这样写：

Order Allow,Deny
<FilesMatch "\\.(xml|css|jpe?g|png|gif|js)$">
Allow from all
</FilesMatch>

但它需要在一个。wp includes和wp content目录中的htaccess文件。我建议你把它完全删除，看看你的网站是否有效。然后新建。为您的wp includes和wp content目录访问包含上述内容的htaccess文件，并查看是否有任何内容中断。很有可能有什么东西会破坏它，这取决于用户的浏览器是否需要这些目录中的内容。

SO网友:DrMosko

刚刚看到这篇文章是3年前写的，所以，也许它对某些人有用：(

首先，我假设你没有激活Multisite或WordPress MU，因为如果是这样，你不需要：

 <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\\.php$ - [L]

    # uploaded files
    RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]

    # add a trailing slash to /wp-admin
    RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^ - [L]
    RewriteRule  ^[_0-9a-zA-Z-]+/(wp-(content|admin|includes).*) $1 [L]
    RewriteRule  ^[_0-9a-zA-Z-]+/(.*\\.php)$ $1 [L]
    RewriteRule . index.php [L]
    </IfModule>

您的代码有问题：

重写规则，如RewriteEngine 需要在标签内

<IfModule mod_rewrite.c>
ur rules
</IfModule>

您的代码有误

Order deny,allow
Deny from all
<Files ~ ".(xml|css|jpe?g|png|gif|js)$">
Allow from all
</Files>

删除

 Order deny,allow
 Deny from all

添加以下内容Allow from all

Satisfy Any

你不需要限制htaccess，它已经是默认值，所以删除这些行（同样，htaccess不需要="" ):

# Protect the .htaccess
<files .htaccess="">
order allow,deny
deny from all
</files>

以及

<Files ~ “^.*\\.([Hh][Tt][Aa])”>
order allow,deny
deny from all
satisfy all
</Files>

此外，如果您仍希望上述功能发挥作用，则需要这样使用：

<Files ~ “^.*\\.([Hh][Tt][Aa])”>
Order Allow,Deny        
satisfy all
</Files>

而不是阻止Include

# Block the include-only files.
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/js/tinymce/langs/.+\\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]

用以下代码阻止整个wp admin文件夹在wp admin文件夹中创建htaccess文件：

order allow,deny
deny from all
allow from <your ip>

现在u说“为了安全起见，更改.htaccess后无法登录Wordpress网站”

    order allow,deny
    deny from all

that because those lines are missed placed （上述第2条）

SO网友:amit

更新：-（代码更新）

替换此

Order deny,allow
Deny from all
<Files ~ ".(xml|css|jpe?g|png|gif|js)$">
Allow from all
</Files>

使用

<Files ~ ".(xml|css|jpe?g|png|gif|js)$">
Order deny,allow
Deny from all
Allow from yourblog.com
</Files>

查看yourblog。com-仅允许您的域访问这些文件上述代码不起任何作用。默认情况下，每个人都可以访问这些文件，如果您拒绝，则没有人可以访问这些文件，即使是您自己的域。如果您正在寻找一个代码来阻止与图像以及JS/CSS文件的热链接，那么请使用最后给出的代码。

要阻止CSS、JS和图像文件的热链接，请使用以下代码。如果您希望阻止图像和CSS/JS文件的热链接，请使用以下代码。

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\\.)?mydomain.com/.*$ [NC]
RewriteRule \\.(gif|jpg|js|css)$ - [F]

NOTICE - 您已经在使用此代码阻止仅对图像文件jpg/gif的热链接。用给定的代码复制它，这样它也可以与JS和CSS一起使用。

结束

小码农CODE

出于安全考虑，更改.htaccess后无法登录WordPress站点

更新：-（代码更新）

相关推荐

在本地主机上使用WP作为外部SVN的多站点HTAccess？