sebagai catatan saja , biar gak lupa :
# BEGIN iThemes Security - Do not modify or remove this line
# iThemes Security Config Details: 2<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Allow from all
</IfModule># END iThemes Security - Do not modify or remove this line
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# BEGIN iThemes Security - Do not modify or remove this line
# iThemes Security Config Details: 2<IfModule mod_authz_core.c>
Require all granted
<RequireAll>
Require all granted
# Ban Hosts - Security > Settings > Banned Users
Require not ip 127.0.0.1
Require not ip 167.99.70.130
Require not ip 54.37.253.136
Require not ip 152.42.206.20
Require not ip 134.209.103.133
Require not ip 152.42.188.80
Require not ip 178.128.106.105
Require not ip 20.204.63.186
Require not ip 206.189.90.217
Require not ip 45.140.17.38
Require not ip 44.211.11.110
Require not ip 159.65.130.187
Require not ip 20.193.133.39
Require not ip 43.134.103.77
Require not ip 43.133.46.111
Require not ip 1.14.92.22
Require not ip 159.65.6.231
Require not ip 206.189.43.98
Require not ip 168.138.78.10
Require not ip 79.110.62.245
Require not ip 193.142.146.226
Require not ip 143.198.86.115
Require not ip 1.14.96.240
Require not ip 13.84.202.16
Require not ip 20.81.146.180
Require not ip 146.190.84.225
Require not ip 57.128.82.244
Require not ip 174.138.183.2
Require not ip 20.124.129.39
Require not ip 20.28.159.67
Require not ip 20.254.34.165
Require not ip 51.132.59.154
</RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Allow from all
Deny from 127.0.0.1
Deny from 167.99.70.130
Deny from 54.37.253.136
Deny from 152.42.206.20
Deny from 134.209.103.133
Deny from 152.42.188.80
Deny from 178.128.106.105
Deny from 20.204.63.186
Deny from 206.189.90.217
Deny from 45.140.17.38
Deny from 44.211.11.110
Deny from 159.65.130.187
Deny from 20.193.133.39
Deny from 43.134.103.77
Deny from 43.133.46.111
Deny from 1.14.92.22
Deny from 159.65.6.231
Deny from 206.189.43.98
Deny from 168.138.78.10
Deny from 79.110.62.245
Deny from 193.142.146.226
Deny from 143.198.86.115
Deny from 1.14.96.240
Deny from 13.84.202.16
Deny from 20.81.146.180
Deny from 146.190.84.225
Deny from 57.128.82.244
Deny from 174.138.183.2
Deny from 20.124.129.39
Deny from 20.28.159.67
Deny from 20.254.34.165
Deny from 51.132.59.154
</IfModule># END iThemes Security - Do not modify or remove this line
<files .htaccess>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
</files>
<files readme.html>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
</files>
<files readme.txt>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
</files>
<files wp-config.php>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
</files>
Options -Indexes
<IfModule mod_rewrite.c>
RewriteEngine On# Protect System Files
RewriteRule ^wp-admin/install\.php$ - [F]
RewriteRule ^wp-admin/includes/ - [F]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
RewriteRule ^wp-includes/theme-compat/ - [F]
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule (^|.*/)\.(git|svn)/.* - [F]# Disable PHP in Uploads
RewriteRule ^wp\-content/uploads/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]# Disable PHP in Plugins
RewriteRule ^wp\-content/plugins/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]# Disable PHP in Themes
RewriteRule ^wp\-content/themes/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]
</IfModule>
#Begin Really Simple Security
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
RewriteCond %{REQUEST_URI} !wp-content\/cache\/(all|wpfc-mobile-cache)
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>
#End Really Simple Security
# BEGIN iThemes Security - Do not modify or remove this line# iThemes Security Config Details: 2# Ban Hosts - Security > Settings > Banned UsersSetEnvIF REMOTE_ADDR "^127\.0\.0\.1$" DenyAccessSetEnvIF X-FORWARDED-FOR "^127\.0\.0\.1$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^127\.0\.0\.1$" DenyAccessSetEnvIF REMOTE_ADDR "^167\.99\.70\.130$" DenyAccessSetEnvIF X-FORWARDED-FOR "^167\.99\.70\.130$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^167\.99\.70\.130$" DenyAccessSetEnvIF REMOTE_ADDR "^54\.37\.253\.136$" DenyAccessSetEnvIF X-FORWARDED-FOR "^54\.37\.253\.136$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^54\.37\.253\.136$" DenyAccessSetEnvIF REMOTE_ADDR "^152\.42\.206\.20$" DenyAccessSetEnvIF X-FORWARDED-FOR "^152\.42\.206\.20$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^152\.42\.206\.20$" DenyAccessSetEnvIF REMOTE_ADDR "^134\.209\.103\.133$" DenyAccessSetEnvIF X-FORWARDED-FOR "^134\.209\.103\.133$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^134\.209\.103\.133$" DenyAccessSetEnvIF REMOTE_ADDR "^152\.42\.188\.80$" DenyAccessSetEnvIF X-FORWARDED-FOR "^152\.42\.188\.80$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^152\.42\.188\.80$" DenyAccessSetEnvIF REMOTE_ADDR "^178\.128\.106\.105$" DenyAccessSetEnvIF X-FORWARDED-FOR "^178\.128\.106\.105$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^178\.128\.106\.105$" DenyAccessSetEnvIF REMOTE_ADDR "^20\.204\.63\.186$" DenyAccessSetEnvIF X-FORWARDED-FOR "^20\.204\.63\.186$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^20\.204\.63\.186$" DenyAccessSetEnvIF REMOTE_ADDR "^206\.189\.90\.217$" DenyAccessSetEnvIF X-FORWARDED-FOR "^206\.189\.90\.217$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^206\.189\.90\.217$" DenyAccessSetEnvIF REMOTE_ADDR "^45\.140\.17\.38$" DenyAccessSetEnvIF X-FORWARDED-FOR "^45\.140\.17\.38$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^45\.140\.17\.38$" DenyAccessSetEnvIF REMOTE_ADDR "^44\.211\.11\.110$" DenyAccessSetEnvIF X-FORWARDED-FOR "^44\.211\.11\.110$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^44\.211\.11\.110$" DenyAccessSetEnvIF REMOTE_ADDR "^159\.65\.130\.187$" DenyAccessSetEnvIF X-FORWARDED-FOR "^159\.65\.130\.187$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^159\.65\.130\.187$" DenyAccessSetEnvIF REMOTE_ADDR "^20\.193\.133\.39$" DenyAccessSetEnvIF X-FORWARDED-FOR "^20\.193\.133\.39$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^20\.193\.133\.39$" DenyAccessSetEnvIF REMOTE_ADDR "^43\.134\.103\.77$" DenyAccessSetEnvIF X-FORWARDED-FOR "^43\.134\.103\.77$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^43\.134\.103\.77$" DenyAccessSetEnvIF REMOTE_ADDR "^43\.133\.46\.111$" DenyAccessSetEnvIF X-FORWARDED-FOR "^43\.133\.46\.111$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^43\.133\.46\.111$" DenyAccessSetEnvIF REMOTE_ADDR "^1\.14\.92\.22$" DenyAccessSetEnvIF X-FORWARDED-FOR "^1\.14\.92\.22$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^1\.14\.92\.22$" DenyAccessSetEnvIF REMOTE_ADDR "^159\.65\.6\.231$" DenyAccessSetEnvIF X-FORWARDED-FOR "^159\.65\.6\.231$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^159\.65\.6\.231$" DenyAccessSetEnvIF REMOTE_ADDR "^206\.189\.43\.98$" DenyAccessSetEnvIF X-FORWARDED-FOR "^206\.189\.43\.98$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^206\.189\.43\.98$" DenyAccessSetEnvIF REMOTE_ADDR "^168\.138\.78\.10$" DenyAccessSetEnvIF X-FORWARDED-FOR "^168\.138\.78\.10$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^168\.138\.78\.10$" DenyAccessSetEnvIF REMOTE_ADDR "^79\.110\.62\.245$" DenyAccessSetEnvIF X-FORWARDED-FOR "^79\.110\.62\.245$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^79\.110\.62\.245$" DenyAccessSetEnvIF REMOTE_ADDR "^193\.142\.146\.226$" DenyAccessSetEnvIF X-FORWARDED-FOR "^193\.142\.146\.226$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^193\.142\.146\.226$" DenyAccessSetEnvIF REMOTE_ADDR "^143\.198\.86\.115$" DenyAccessSetEnvIF X-FORWARDED-FOR "^143\.198\.86\.115$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^143\.198\.86\.115$" DenyAccessSetEnvIF REMOTE_ADDR "^1\.14\.96\.240$" DenyAccessSetEnvIF X-FORWARDED-FOR "^1\.14\.96\.240$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^1\.14\.96\.240$" DenyAccessSetEnvIF REMOTE_ADDR "^13\.84\.202\.16$" DenyAccessSetEnvIF X-FORWARDED-FOR "^13\.84\.202\.16$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^13\.84\.202\.16$" DenyAccessSetEnvIF REMOTE_ADDR "^20\.81\.146\.180$" DenyAccessSetEnvIF X-FORWARDED-FOR "^20\.81\.146\.180$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^20\.81\.146\.180$" DenyAccessSetEnvIF REMOTE_ADDR "^146\.190\.84\.225$" DenyAccessSetEnvIF X-FORWARDED-FOR "^146\.190\.84\.225$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^146\.190\.84\.225$" DenyAccessSetEnvIF REMOTE_ADDR "^57\.128\.82\.244$" DenyAccessSetEnvIF X-FORWARDED-FOR "^57\.128\.82\.244$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^57\.128\.82\.244$" DenyAccessSetEnvIF REMOTE_ADDR "^174\.138\.183\.2$" DenyAccessSetEnvIF X-FORWARDED-FOR "^174\.138\.183\.2$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^174\.138\.183\.2$" DenyAccessSetEnvIF REMOTE_ADDR "^20\.124\.129\.39$" DenyAccessSetEnvIF X-FORWARDED-FOR "^20\.124\.129\.39$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^20\.124\.129\.39$" DenyAccessSetEnvIF REMOTE_ADDR "^20\.28\.159\.67$" DenyAccessSetEnvIF X-FORWARDED-FOR "^20\.28\.159\.67$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^20\.28\.159\.67$" DenyAccessSetEnvIF REMOTE_ADDR "^20\.254\.34\.165$" DenyAccessSetEnvIF X-FORWARDED-FOR "^20\.254\.34\.165$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^20\.254\.34\.165$" DenyAccessSetEnvIF REMOTE_ADDR "^51\.132\.59\.154$" DenyAccessSetEnvIF X-FORWARDED-FOR "^51\.132\.59\.154$" DenyAccessSetEnvIF X-CLUSTER-CLIENT-IP "^51\.132\.59\.154$" DenyAccess<IfModule mod_authz_core.c><RequireAll>Require all grantedRequire not env DenyAccessRequire not ip 127.0.0.1Require not ip 167.99.70.130Require not ip 54.37.253.136Require not ip 152.42.206.20Require not ip 134.209.103.133Require not ip 152.42.188.80Require not ip 178.128.106.105Require not ip 20.204.63.186Require not ip 206.189.90.217Require not ip 45.140.17.38Require not ip 44.211.11.110Require not ip 159.65.130.187Require not ip 20.193.133.39Require not ip 43.134.103.77Require not ip 43.133.46.111Require not ip 1.14.92.22Require not ip 159.65.6.231Require not ip 206.189.43.98Require not ip 168.138.78.10Require not ip 79.110.62.245Require not ip 193.142.146.226Require not ip 143.198.86.115Require not ip 1.14.96.240Require not ip 13.84.202.16Require not ip 20.81.146.180Require not ip 146.190.84.225Require not ip 57.128.82.244Require not ip 174.138.183.2Require not ip 20.124.129.39Require not ip 20.28.159.67Require not ip 20.254.34.165Require not ip 51.132.59.154</RequireAll></IfModule><IfModule !mod_authz_core.c>Order allow,denyAllow from allDeny from env=DenyAccessDeny from 127.0.0.1Deny from 167.99.70.130Deny from 54.37.253.136Deny from 152.42.206.20Deny from 134.209.103.133Deny from 152.42.188.80Deny from 178.128.106.105Deny from 20.204.63.186Deny from 206.189.90.217Deny from 45.140.17.38Deny from 44.211.11.110Deny from 159.65.130.187Deny from 20.193.133.39Deny from 43.134.103.77Deny from 43.133.46.111Deny from 1.14.92.22Deny from 159.65.6.231Deny from 206.189.43.98Deny from 168.138.78.10Deny from 79.110.62.245Deny from 193.142.146.226Deny from 143.198.86.115Deny from 1.14.96.240Deny from 13.84.202.16Deny from 20.81.146.180Deny from 146.190.84.225Deny from 57.128.82.244Deny from 174.138.183.2Deny from 20.124.129.39Deny from 20.28.159.67Deny from 20.254.34.165Deny from 51.132.59.154</IfModule># Protect System Files - Security > Settings > System Tweaks > System Files<files .htaccess><IfModule mod_authz_core.c>Require all denied</IfModule><IfModule !mod_authz_core.c>Order allow,denyDeny from all</IfModule></files><files readme.html><IfModule mod_authz_core.c>Require all denied</IfModule><IfModule !mod_authz_core.c>Order allow,denyDeny from all</IfModule></files><files readme.txt><IfModule mod_authz_core.c>Require all denied</IfModule><IfModule !mod_authz_core.c>Order allow,denyDeny from all</IfModule></files><files wp-config.php><IfModule mod_authz_core.c>Require all denied</IfModule><IfModule !mod_authz_core.c>Order allow,denyDeny from all</IfModule></files># Disable Directory Browsing - Security > Settings > System Tweaks > Directory BrowsingOptions -Indexes<IfModule mod_rewrite.c>RewriteEngine On# Protect System Files - Security > Settings > System Tweaks > System FilesRewriteRule ^wp-admin/install\.php$ - [F]RewriteRule ^wp-admin/includes/ - [F]RewriteRule !^wp-includes/ - [S=3]RewriteRule ^wp-includes/[^/]+\.php$ - [F]RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]RewriteRule ^wp-includes/theme-compat/ - [F]RewriteCond %{REQUEST_FILENAME} -fRewriteRule (^|.*/)\.(git|svn)/.* - [F]# Disable PHP in Uploads - Security > Settings > System Tweaks > PHP in UploadsRewriteRule ^wp\-content/uploads/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]# Disable PHP in Plugins - Security > Settings > System Tweaks > PHP in PluginsRewriteRule ^wp\-content/plugins/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]# Disable PHP in Themes - Security > Settings > System Tweaks > PHP in ThemesRewriteRule ^wp\-content/themes/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]</IfModule># END iThemes Security - Do not modify or remove this line#Begin Really Simple Security<IfModule mod_rewrite.c>RewriteEngine onRewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'RewriteCond %{REQUEST_URI} !wp-content\/cache\/(all|wpfc-mobile-cache)RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]</IfModule>#End Really Simple Security# BEGIN WordPress# The directives (lines) between "BEGIN WordPress" and "END WordPress" are# dynamically generated, and should only be modified via WordPress filters.# Any changes to the directives between these markers will be overwritten.<IfModule mod_rewrite.c>RewriteEngine OnRewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]RewriteBase /RewriteRule ^index\.php$ - [L]RewriteCond %{REQUEST_FILENAME} !-fRewriteCond %{REQUEST_FILENAME} !-dRewriteRule . /index.php [L]</IfModule># END WordPress