.htaccess

Set PHP handler accessPolicy (Request Restrictions) to Read in IIS

Disallow direct access to PHP files in wp-content/uploads/

Secure wp-content/uploads in Linux Apache and Windows Server IIS It’s recommended to disallow access to and execution of PHP files in wp-content/uploads folder. Preferably without the use of a security plugin. Blocking access to PHP files in WordPress wp-content/uploads folder is easily achieved with a .htaccess file on Linux Apache, or web.config accesssPolicy in Windows …

Disallow direct access to PHP files in wp-content/uploads/ Read More »

HTTP Basic authentication

Basic Authentication module for Windows Server IIS 10

Basic Authentication managed HTTP module for IIS 10 with virtual users support In my pursuit of a basic authentication alternative in IIS, other than the built-in Basic Authentication module or Helicon Ape, I came across Devbridge AzurePowerTools. It’s apparently one of few HTTP managed modules for IIS that enables HTTP Basic Authentication with support for …

Basic Authentication module for Windows Server IIS 10 Read More »

Security?

WordPress .htaccess security best practices in Apache 2.4.6+

Apache Access Control done right in WordPress .htaccess, ‘Allow/Deny from all’ versus ‘Require All Granted/Denied’ Since Apache 2.4.6, a new module is used to configure and set up access control for websites: mod_authz_core. This means you have to use a different syntax for allowing or blocking hosts and IP addresses to your website. But unfortunately, …

WordPress .htaccess security best practices in Apache 2.4.6+ Read More »

Mod_evasive on IIS

Learn how to set up website DDoS protection with .htaccess and mod_evasive on Windows Server IIS Mod_evasive is a module for Apache and Windows Server IIS (using Helicon Ape). It provides protection and evasive action in the event of an HTTP DoS-, DDoS or brute force attack. Detection is performed by creating an internal dynamic …

Mod_evasive on IIS Read More »

How to hide the .php file extension with IIS URL Rewrite Module

Extensionless URLs in IIS Sometimes it’s important to remove -or hide- the file extension of scripts you use. Security by obscurity might be that reason, if you don’t want others to know what script language you are using for your website, or for static site hosts. This example will hide the .php extension using the …

How to hide the .php file extension with IIS URL Rewrite Module Read More »

Convert .htaccess to web.config

This post describes some of the IIS URL Rewrite Module web.config equivalents of commonly used Apache .htaccess settings. This is useful when you convert your .htaccess to web.config. The second part of this post outlines how to use Internet Information Services Manager to import and convert .htaccess rules to web.config.

Show Buttons
Hide Buttons