.htaccess Setup Tips: The 12 Most Useful .htaccess Tricks for WordPress

Are you looking for some useful .htaccess tricks for your WordPress site? The .htaccess file is a powerful configuration file which allows you to do a lot of neat things on your website. In this article, we will show you some of the most useful .htaccess tricks for WordPress that you can try right away.

What is .htaccess File and How to Edit it?

The .htaccess file is a server configuration file. It allows you to define rules for your server to follow for your website.

WordPress uses the .htaccess file to generate an SEO friendly URL structure. However, this file can do a lot more.

The .htaccess file is located in your WordPress site’s root folder. You will need to connect to your website using an FTP client to edit it.

If you cannot find your .htaccess file, then see our guide on how to find .htaccess file in WordPress.

Before editing your .htaccess file, it is important to download a copy of it to your computer as a backup. You can use that file in case anything goes wrong.

Having said that, let’s take a look at some useful .htaccess tricks for WordPress that you can try.

1. Protect Your WordPress Admin Area

You can use .htaccess to protect your WordPress admin area by limiting the access to selected IP addresses only. Simply copy and paste this code into your .htaccess file:

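AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "WordPress Admin Access Control"
AuthType Basic
# No <Limit GET> wrapper: inside one, the rules would cover GET requests only
# and leave POST and other methods unrestricted.
# Order/Deny/Allow are Apache 2.2 directives (mod_access_compat on Apache 2.4).
order deny,allow
deny from all
# whitelist Syed's IP address
allow from xx.xx.xx.xxx
# whitelist David's IP address
allow from xx.xx.xx.xxx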

Don’t forget to replace xx values with your own IP address. If you use more than one IP address to access the internet, then make sure you add them as well.

For detailed instructions, see our guide on how to limit access to WordPress admin using .htaccess.

2. Password Protect WordPress Admin Folder

If you access your WordPress site from multiple locations including public internet spots, then limiting access to specific IP addresses may not work for you.

You can use the .htaccess file to add additional password protection to your WordPress admin area.

First, you need to generate a .htpasswds file. You can easily create one by using this online generator.

Upload this .htpasswds file outside your publicly accessible web directory or /public_html/ folder. A good path would be:

/home/user/.htpasswds/public_html/wp-admin/passwd/

Next, create a .htaccess file, upload it to the /wp-admin/ directory, and then add the following code to it:

AuthName "Admins Only"
AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd
AuthGroupFile /dev/null
AuthType basic
require user putyourusernamehere
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any 
</Files>

Important: Don’t forget to replace AuthUserFile path with the file path of your .htpasswds file and add your own username.

For detailed instructions, see our guide on how to password protect WordPress admin folder.

3. Disable Directory Browsing

Many WordPress security experts recommend disabling directory browsing. With directory browsing enabled, hackers can look into your site’s directory and file structure to find a vulnerable file.

To disable directory browsing on your website, you need to add the following line to your .htaccess file.

Options -Indexes

For more on this topic, see our guide on how to disable directory browsing in WordPress.

4. Disable PHP Execution in Some WordPress Directories

Sometimes hackers break into a WordPress site and install a backdoor. These backdoor files are often disguised as core WordPress files and are placed in /wp-includes/ or /wp-content/uploads/ folders.

An easier way to improve your WordPress security is to disable PHP execution for some WordPress directories.

You will need to create a blank .htaccess file on your computer and then paste the following code inside it.

<Files *.php>
deny from all
</Files>

Save the file and then upload it to your /wp-content/uploads/ and /wp-includes/ directories. For more information check out our tutorial on how to disable PHP execution in certain WordPress directories.

5. Protect Your WordPress Configuration wp-config.php File

Probably the most important file in your WordPress website’s root directory is the wp-config.php file. It contains information about your WordPress database and how to connect to it.

To protect your wp-config.php file from unauthorized access, simply add this code to your .htaccess file:


<files wp-config.php>
order allow,deny
deny from all
</files>

6. Setting up 301 Redirects Through .htaccess File

Using 301 redirects is the most SEO friendly way to tell your users that content has moved to a new location. If you want to properly manage your 301 redirects on a per-post basis, then check out our guide on how to set up redirects in WordPress.

On the other hand, if you want to quickly set up redirects, then all you need to do is paste this code into your .htaccess file.


Redirect 301 /oldurl/ http://www.example.com/newurl
Redirect 301 /category/television/ http://www.example.com/category/tv/

7. Ban Suspicious IP Addresses

Are you seeing unusually high requests to your website from a specific IP address? You can easily block those requests by blocking the IP address in your .htaccess file.

Add the following code to your .htaccess file:

<Limit GET POST>
order allow,deny
deny from xxx.xxx.xx.x
allow from all
</Limit>

Don’t forget to replace xx with the IP address you want to block.

8. Disable Image Hotlinking in WordPress Using .htaccess

Other websites directly hotlinking images from your site can make your WordPress site slow and exceed your bandwidth limit. This isn’t a big issue for most smaller websites. However, if you run a popular website or a website with lots of photos, then this could become a serious concern.

You can prevent image hotlinking by adding this code to your .htaccess file:

#disable hotlinking of images with forbidden or custom image option
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?wpbeginner\.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google\.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]

This code only allows images to be displayed if the request is originating from wpbeginner.com or Google.com. Don’t forget to replace wpbeginner.com with your own domain name.

For more ways to protect your images see our guide on ways to prevent image theft in WordPress.
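A tighter form of the same rule, as an added example that is not from the original article: the Referer patterns above are prefix matches, so a referring host whose name merely begins with the allowed domain is also let through. `example.com` is a placeholder for your own domain.

```apache
# Added example: hotlink protection with the Referer host name anchored.
# example.com is a placeholder; replace it with your own domain.
RewriteEngine On

# Requests without a Referer (direct visits, privacy tools) stay allowed
RewriteCond %{HTTP_REFERER} !^$

# "\." matches a literal dot only, and "(/|:|$)" requires the host name to
# end right after the domain, so example.com.other.test is not accepted
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com(/|:|$) [NC]
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?google\.com(/|:|$) [NC]

# Everything else asking for an image gets 403 Forbidden
RewriteRule \.(jpe?g|png|gif)$ - [NC,F]
```

The Referer header is set by the client, so this rule saves bandwidth against ordinary embedding but is not an access control for private images.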

9. Protect .htaccess From Unauthorized Access

As you have seen, there are many things that can be done using the .htaccess file. Because of the power and control it has over your web server, it is important to protect it from unauthorized access by hackers. Simply add the following code to your .htaccess file:


<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>

10. Increase File Upload Size in WordPress

There are different ways to increase the file upload size limit in WordPress. However, for users on shared hosting some of these methods do not work.

One of the methods that has worked for many users is adding the following code to their .htaccess file:


php_value upload_max_filesize 64M
php_value post_max_size 64M
php_value max_execution_time 300
php_value max_input_time 300

This code simply tells your web server to use these values to increase file upload size as well as maximum execution time in WordPress.

11. Disable Access to XML-RPC File Using .htaccess

Each WordPress install comes with a file called xmlrpc.php. This file allows third-party apps to connect to your WordPress site. Most WordPress security experts advise that if you are not using any third party apps, then you should disable this feature.

There are multiple ways to do that; one of them is to add the following code to your .htaccess file:


# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

For more information, see our guide on how to disable XML-RPC in WordPress.

12. Blocking Author Scans in WordPress

A common technique used in brute force attacks is to run author scans on a WordPress site and then attempt to crack passwords for those usernames.

You can block such scans by adding the following code to your .htaccess file:

# BEGIN block author scans
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} (author=\d+) [NC]
RewriteRule .* - [F]
# END block author scans 

For more information, see our article on how to discourage brute force attacks by blocking author scans in WordPress.
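A narrower variant of the rule above, as an added example that is not from the original article: the unanchored `author=\d+` pattern also matches parameters such as `coauthor=` and rejects the dashboard's own "posts by this author" filter. The example assumes WordPress is installed at the site root, so the dashboard lives under `/wp-admin/`.

```apache
# Added example: author-scan block limited to front-end requests.
# Assumes WordPress is installed at the site root (/wp-admin/ is the dashboard).
# BEGIN block author scans
RewriteEngine On
RewriteBase /

# Leave the dashboard alone: wp-admin/edit.php?author=N is the normal
# "show posts by this author" filter used by logged-in editors
RewriteCond %{REQUEST_URI} !^/wp-admin/ [NC]

# Match author=<digits> only as a complete parameter at the start of the
# query string or after "&", not inside names like coauthor= or post_author=
RewriteCond %{QUERY_STRING} (^|&)author=\d+ [NC]

RewriteRule .* - [F]
# END block author scans
```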

We hope this article helped you learn the most useful .htaccess tricks for WordPress. You may also want to see our ultimate step by step WordPress security guide for beginners.

Translated from: https://www.wpbeginner.com/wp-tutorials/9-most-useful-htaccess-tricks-for-wordpress/
