我试图为摄影师创建一个Wordpress网站,所以我阻止了右键单击,但总是有可能访问上传图像的url。我试着用.htaccess文件和plugind";阻止直接访问";但它不起作用。
有什么东西可以阻止访问?
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www.)?mydomain.be [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www.)?google.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www.)?facebook.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www.)?twitter.com [NC]
RewriteRule .(jpg|jpeg|png|gif)$ - [F]
</IfModule>
为了防止任何人访问wp-content/uploads文件夹中的任何PHP文件,您可以在wp-content/uploads文件夹中创建一个.htaccess文件,并向其中添加以下代码:
# Kill PHP Execution
<Files ~ ".ph(?:p[345]?|t|tml)$">
deny from all
</Files>
您可以将以下代码添加到.htaccess文件中。
# Deny access to .htaccess
<Files .htaccess>
Order allow,deny
Deny from all
</Files>
打开你在网站根文件夹上找到的.htaccess,然后放置下面的代码块:
RewriteCond %{REQUEST_FILENAME} -s
RewriteRule ^wp-content/uploads/(.*)$ dl-file.php?file=$1 [QSA,L]
要在wp-includes文件夹中隐藏敏感文件,请将以下代码添加到站点根目录中的.htaccess文件中:
# Block wp-includes folder and files
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>