AdesBlog.com

WP Plugin: all-in-one htaccess plugin

leave comment 

I have talked numerous times about .htaccess on this blog before. Here are the posts:

• .htaccess basics
• Tip: Increase your blog’s chances to get Stumbled(Upon)
• How to redirect traffic that comes from certain URL to another
• Why you should redirect yourblog,com to www,yourblog,com

With .htaccess you can do so many things, but the risky part is almost all the time you need to edit your .htaccess file manually. However, now there is a special htaccess wp plugin for wordpress blogs that does so many things (full features are below the screenshot). All you need is “enable” a particular feature and it will rewrite your .htaccess file automatically.

Full Features

• Directory Protection
  Enable the DirectoryIndex Protection, preventing directory index listings and defaulting.
• Password Protect wp-login.php
  Requires a valid user/pass to access the login page
• Password Protect wp-admin
  Requires a valid user/pass to access any non-static (css, js, images) file in this directory.
• Protect wp-content
  Denies any Direct request for files ending in .php with a 403 Forbidden.
• Protect wp-includes
  Denies any Direct request for files ending in .php with a 403 Forbidden.
• Common Exploits
  Block common exploit requests with 403 Forbidden.
• Stop Hotlinking
  Denies any request for static files (images, css, etc) if referrer is not local site or empty.
• Safe Request Methods
  Denies any request not using GET,PROPFIND,POST,OPTIONS,PUT,HEAD
• Forbid Proxies
  Denies any POST Request using a Proxy Server. Can still access site, but not comment. See Perishable Press
• Real wp-comments-post.php
  Denies any POST attempt made to a non-existing wp-comments-post.php
• HTTP PROTOCOL
  Denies any badly formed HTTP PROTOCOL in the request, 0.9, 1.0, and 1.1 only
• SPECIFY CHARACTERS
  Denies any request for a url containing characters other than “a-zA-Z0-9.+/-?=&” - REALLY helps but may break your site depending on your links.
• BAD Content Length
  Denies any POST request that doesnt have a Content-Length Header
• BAD Content Type
  Denies any POST request with a content type other than application/x-www-form-urlencoded|multipart/form-data
• Directory Traversal
  Denies Requests containing ../ or ./. which is a directory traversal exploit attempt
• PHPSESSID Cookie
  Only blocks when a PHPSESSID cookie is sent by the user and it contains characters other than 0-9a-z - *** Safe, Use
• NO HOST:
  Denies requests that dont contain a HTTP HOST Header.
• Bogus Graphics Exploit
  Denies obvious exploit using bogus graphics
• No UserAgent, No Post
  Denies POST requests by blank user-agents. May prevent a small number of visitors from POSTING.
• No Referer, No Comment
  Denies any comment attempt with a blank HTTP_REFERER field, highly indicative of spam.
• Trackback Spam
  Denies obvious trackback spam. See Holy Shmoly!
• SSL-Only Site
  Redirects all non-SSL (https) requests to your https-enabled url
• Anti-Spam, Anti-Exploits
  Denies Obvious Spam and uses advanced mod_security protection

Go get it tiger! ;)

Plugin page: www.askapache.com/wordpress/htaccess-password-protect.html