blocking hacker scanning your website using various type of extension that is not running on your webserver

If you are running WordPress on Linux, most likely you won’t expect user hitting your website with .asp / .cfm / .jsp extension. When some hackers are trying to scan your site with all these non-sense requests, your webserver will be overloaded due to the 404 page is generated from wordpress.

To deal with this issue – we have written some re-write rules to tackle these requests before this is hitting onto the wordpress core.

RewriteCond %{REQUEST_URI} !^/index.php$
RewriteCond %{REQUEST_URI} !robots.txt$
RewriteCond %{REQUEST_URI} !wp-.*.php$ RewriteCond %{REQUEST_URI} !healthcheck.php$
RewriteRule .*\.(asp|aspx|ashx|asa|jsp|cfm|do|action|cer|exe|txt|htm|html|rar|zip|php)$ – [F,L,NC]

This entry was posted on Wednesday, April 10th, 2019 at 12:26 pm and is filed under Apache, Linux. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

VICOSYS

blocking hacker scanning your website using various type of extension that is not running on your webserver

Leave a Reply