Blocking hackers who scan your website for file extensions that your web server does not run

If you are running WordPress on Linux, you most likely don't expect users to hit your website with .asp / .cfm / .jsp extensions. When hackers scan your site with all these nonsense requests, your web server will be overloaded because each 404 page is generated by WordPress.

To deal with this issue, we have written some rewrite rules that handle these requests before they reach the WordPress core.

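# Exempt the files WordPress and monitoring actually need
RewriteCond %{REQUEST_URI} !^/index\.php$
RewriteCond %{REQUEST_URI} !robots\.txt$
RewriteCond %{REQUEST_URI} !wp-.*\.php$
RewriteCond %{REQUEST_URI} !healthcheck\.php$
# Answer 403 Forbidden for any other request ending in these extensions
RewriteRule .*\.(asp|aspx|ashx|asa|jsp|cfm|do|action|cer|exe|txt|htm|html|rar|zip|php)$ - [F,L,NC]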
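Before deploying, it helps to check which paths the rules would reject. The following is an added example, not part of the original post: a Python model of the conditions and rule above, run over constructed request paths. It assumes Python's `re` matches these simple patterns the same way Apache's regex engine does; the function names and sample paths are made up for illustration.

```python
import re

# Exemptions, mirroring the four RewriteCond lines (case-sensitive: no [NC] on them).
ALLOW = [re.compile(p) for p in (
    r"^/index\.php$",
    r"robots\.txt$",
    r"wp-.*\.php$",
    r"healthcheck\.php$",
)]

# Blocked extensions, mirroring the RewriteRule pattern; [NC] becomes IGNORECASE.
DENY = re.compile(
    r".*\.(asp|aspx|ashx|asa|jsp|cfm|do|action|cer|exe|txt|htm|html|rar|zip|php)$",
    re.IGNORECASE,
)

def is_blocked(request_target: str) -> bool:
    """Return True if the rules would answer 403 for this request."""
    path = request_target.split("?", 1)[0]  # REQUEST_URI has no query string
    if any(rx.search(path) for rx in ALLOW):
        return False  # one negated RewriteCond fails, so the rule is skipped
    return DENY.search(path) is not None

def audit(request_targets):
    """Map each request target to '403' or 'pass' for a quick pre-deploy review."""
    return {t: ("403" if is_blocked(t) else "pass") for t in request_targets}

# Constructed sample requests: scanner probes plus paths a real site may serve.
SAMPLES = [
    "/", "/index.php", "/wp-login.php", "/robots.txt", "/healthcheck.php",
    "/wp-admin/admin-ajax.php?action=heartbeat", "/sitemap.xml",
    "/login.asp", "/admin/Login.ASPX", "/struts/index.action", "/backup.zip",
    # Side effects worth reviewing: these are rejected too.
    "/xmlrpc.php", "/readme.html", "/ads.txt",
    "/wp-content/uploads/2020/report.zip",
    # The wp-.*\.php exemption also covers any .php under a wp-* directory.
    "/wp-content/uploads/x.php",
]

if __name__ == "__main__":
    for target, verdict in audit(SAMPLES).items():
        print(f"{verdict:4}  {target}")
```

The run shows that the rules also reject `/xmlrpc.php`, static `.html` and `.txt` files, and `.zip` downloads under `wp-content`, so add a `RewriteCond` exemption for any of those your site serves.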
