# ==============================================================================
# WordPress + Elementor + Infomaniak
# Version propre et sécurisée
# ==============================================================================

# ------------------------------------------------------------------------------
# HTTPS
# ------------------------------------------------------------------------------

<IfModule mod_rewrite.c>
RewriteEngine On

# Permanent (301) redirect of every plain-HTTP request to the same host and
# path over HTTPS. The original author marks this form as Infomaniak-compatible.
# NOTE(review): the redirect target is built from the client-supplied Host
# header (%{HTTP_HOST}); if this vhost can answer for arbitrary host names,
# redirect to the site's fixed canonical host name instead.
# NOTE(review): if mod_rewrite is not loaded, this block is skipped silently
# and HTTP requests are no longer redirected.
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

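# ------------------------------------------------------------------------------
# Sensitive file protection
# "Require all denied" is Apache 2.4 syntax (mod_authz_core). <Files> and
# <FilesMatch> test the file name only, in this directory and all subdirectories.
# ------------------------------------------------------------------------------

# Holds the database credentials and the authentication keys/salts.
<Files wp-config.php>
    Require all denied
</Files>

<Files .htaccess>
    Require all denied
</Files>

# Disables XML-RPC entirely. Anything that depends on it (for example Jetpack
# or remote-publishing clients) may stop working; confirm before deploying.
<Files xmlrpc.php>
    Require all denied
</Files>

# Documentation files that can help fingerprint the installed WordPress and
# plugin versions. (?i) also covers upper- and mixed-case names.
<FilesMatch "(?i)^(readme\.html|license\.txt|readme\.txt)$">
    Require all denied
</FilesMatch>

# Dumps, logs, configuration, scripts and backup/editor leftovers. The match is
# case-insensitive and includes the common ".old", ".orig", ".save" and "~"
# suffixes, so copies such as "wp-config.php.old" or "dump.SQL" are denied too.
<FilesMatch "(?i)(\.(sql|log|ini|sh|bak|old|orig|save|swp|dist)|~)$">
    Require all denied
</FilesMatch>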

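# ------------------------------------------------------------------------------
# Uploads protection
# Refuses (403) any request under wp-content/uploads whose path contains a
# PHP-handled extension, so an uploaded script cannot be run by requesting it.
#
# - NC: the match is case-insensitive (".PHP" is covered like ".php").
# - php\d*, pht and phar cover the other extensions commonly mapped to PHP.
# - The extension may be followed by "/" (trailing path info) or "." (a double
#   extension such as "name.php.jpg"), not only by the end of the URL.
#
# NOTE(review): this guard depends on mod_rewrite. If the module is missing the
# block is skipped silently, and rewrite rules from this file do not apply in a
# subdirectory whose own .htaccess configures mod_rewrite unless it sets
# "RewriteOptions Inherit". A dedicated .htaccess inside wp-content/uploads that
# denies these extensions with <FilesMatch> is a useful second layer.
# ------------------------------------------------------------------------------

<IfModule mod_rewrite.c>
# Repeated so this rule does not depend on another block having enabled the engine.
RewriteEngine On
RewriteRule ^wp-content/uploads/.+\.(?:php\d*|phtml|phps|pht|phar)(?:[./]|$) - [F,NC]
</IfModule>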

# ------------------------------------------------------------------------------
# Disable directory listings
# With Indexes off, a directory without an index file is answered with
# 403 Forbidden instead of an auto-generated file listing.
# NOTE(review): the host must allow Options to be overridden in .htaccess
# (AllowOverride); confirm on the target server.
# ------------------------------------------------------------------------------

Options -Indexes

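# ------------------------------------------------------------------------------
# Security headers
# "always" attaches the header to error responses and redirects as well as to
# successful responses.
# NOTE(review): no Content-Security-Policy is defined here; the policy has to be
# written for the specific site, so it is left to the site owner.
# ------------------------------------------------------------------------------

<IfModule mod_headers.c>

# Stop browsers from guessing a content type different from the declared one.
Header always set X-Content-Type-Options "nosniff"
# Allow framing by pages of the same origin only (clickjacking mitigation).
Header always set X-Frame-Options "SAMEORIGIN"
# Cross-origin requests receive the origin only, never the full URL.
Header always set Referrer-Policy "strict-origin-when-cross-origin"

# Deny geolocation, microphone and camera access to this site and its frames.
Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"

# Remove the PHP version banner. mod_headers keeps two header tables; headers
# produced by CGI or mod_proxy_fcgi (PHP-FPM) live in the "always" table, so the
# header is removed from both to work under either PHP integration.
Header unset X-Powered-By
Header always unset X-Powered-By

</IfModule>

# Removes the server footer line from server-generated pages (error pages,
# listings). The "Server" response header is governed by ServerTokens, which can
# only be set in the main server configuration, not in .htaccess.
ServerSignature Off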

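# ------------------------------------------------------------------------------
# GZIP compression
# In Apache 2.4 AddOutputFilterByType is provided by mod_filter, not by
# mod_deflate. Both modules are checked so that a server without mod_filter
# skips compression instead of failing every request with a 500 error.
# NOTE(review): compressing HTML that mixes secrets (e.g. CSRF tokens) with
# reflected request data over TLS is the precondition for BREACH-style
# compression side channels; confirm this is acceptable for the site.
# ------------------------------------------------------------------------------

<IfModule mod_deflate.c>
<IfModule mod_filter.c>

AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/json
AddOutputFilterByType DEFLATE image/svg+xml

</IfModule>
</IfModule>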

# ------------------------------------------------------------------------------
# Browser caching
# mod_expires emits Expires and Cache-Control: max-age for the listed types;
# lifetimes are counted from the time of the request ("access").
# ------------------------------------------------------------------------------

<IfModule mod_expires.c>

ExpiresActive On

# One year: images and web fonts
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType image/svg+xml "access plus 1 year"
ExpiresByType image/webp "access plus 1 year"
ExpiresByType font/woff "access plus 1 year"
ExpiresByType font/woff2 "access plus 1 year"

# One month: stylesheets and scripts
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType text/css "access plus 1 month"

</IfModule>

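# HSTS: instructs browsers to reach this host over HTTPS only, for one year
# (max-age=31536000 seconds). Browsers honour the header only when it arrives
# over HTTPS.
# includeSubDomains extends the policy to every subdomain of this host, and a
# browser keeps it until max-age expires; confirm that all subdomains serve
# valid HTTPS before deploying.
# The directive is guarded like the other Header lines in this file: outside
# <IfModule> it would make every request fail with a 500 error on a server
# without mod_headers.
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</IfModule>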

# ------------------------------------------------------------------------------
# WordPress
# Front-controller rules: any request that does not map to an existing file
# (!-f) or directory (!-d) is handed to /index.php. The first rule copies the
# Authorization request header into the HTTP_AUTHORIZATION environment variable
# (presumably so PHP can read it when the server does not pass it on; verify).
# WordPress manages the lines between the BEGIN/END markers and may overwrite
# manual changes there, so custom rules belong outside the markers. The deny
# rules earlier in this file are evaluated before these rewrites.
# ------------------------------------------------------------------------------

# BEGIN WordPress

<IfModule mod_rewrite.c>

RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /

RewriteRule ^index\.php$ - [L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

</IfModule>

# END WordPress