# --- HTTP to HTTPS --- RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] # BEGIN WP Rocket # Use UTF-8 encoding for anything served text/plain or text/html AddDefaultCharset UTF-8 # Force UTF-8 for a number of file formats AddCharset UTF-8 .atom .css .js .json .rss .vtt .xml # FileETag None is not enough for every server. Header unset ETag # Since we're sending far-future expires, we don't need ETags for static content. # developer.yahoo.com/performance/rules.html#etags FileETag None Header set X-Powered-By "WP Rocket/3.20.5" Header unset Pragma Header append Cache-Control "public" Header unset Last-Modified Header unset Pragma Header append Cache-Control "public" AddType image/avif avif AddType image/avif-sequence avifs # Expires headers (for better cache control) ExpiresActive on ExpiresDefault "access plus 1 month" ExpiresByType text/cache-manifest "access plus 0 seconds" ExpiresByType text/html "access plus 0 seconds" ExpiresByType text/xml "access plus 0 seconds" ExpiresByType application/xml "access plus 0 seconds" ExpiresByType application/json "access plus 0 seconds" ExpiresByType application/rss+xml "access plus 1 hour" ExpiresByType application/atom+xml "access plus 1 hour" ExpiresByType image/x-icon "access plus 1 week" ExpiresByType image/gif "access plus 4 months" ExpiresByType image/png "access plus 4 months" ExpiresByType image/jpeg "access plus 4 months" ExpiresByType image/webp "access plus 4 months" ExpiresByType video/ogg "access plus 4 months" ExpiresByType audio/ogg "access plus 4 months" ExpiresByType video/mp4 "access plus 4 months" ExpiresByType video/webm "access plus 4 months" ExpiresByType image/avif "access plus 4 months" ExpiresByType image/avif-sequence "access plus 4 months" ExpiresByType text/x-component "access plus 1 month" ExpiresByType font/ttf "access plus 4 months" ExpiresByType font/otf "access plus 4 months" ExpiresByType font/woff "access plus 4 months" ExpiresByType font/woff2 "access plus 4 months" ExpiresByType image/svg+xml "access plus 4 months" ExpiresByType application/vnd.ms-fontobject "access plus 1 month" ExpiresByType text/css "access plus 1 year" ExpiresByType text/javascript "access plus 1 year" ExpiresByType application/javascript "access plus 1 year" # Gzip compression SetOutputFilter DEFLATE SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding SetEnvIfNoCase Request_URI \ \.(?:gif|jpe?g|png|rar|zip|exe|flv|mov|wma|mp3|avi|swf|mp?g|mp4|webm|webp|pdf)$ no-gzip dont-vary AddOutputFilterByType DEFLATE application/atom+xml \ application/javascript \ application/json \ application/rss+xml \ application/vnd.ms-fontobject \ application/x-font-ttf \ application/xhtml+xml \ application/xml \ font/opentype \ image/svg+xml \ image/x-icon \ text/css \ text/javascript \ text/html \ text/plain \ text/x-component \ text/xml Header append Vary: Accept-Encoding # END WP Rocket # --------------------------------------------------- # BASIC SECURITY # --------------------------------------------------- Options -Indexes ServerSignature Off Order Deny,Allow Deny from all Order Deny,Allow Deny from all # --------------------------------------------------- # BLOCK INVALID BASE64 IMAGE REQUEST (CPU FIX) # --------------------------------------------------- RewriteEngine On RewriteCond %{REQUEST_URI} ^/image/gif;base64 [NC] RewriteRule .* - [F,L] # --------------------------------------------------- # BLOCK BAD BOTS (CPU FIX) # --------------------------------------------------- RewriteCond %{HTTP_USER_AGENT} (AhrefsBot|SemrushBot|MJ12bot|DotBot|BLEXBot|YandexBot) [NC] RewriteRule .* - [F,L] # --------------------------------------------------- # BROWSER CACHING # --------------------------------------------------- ExpiresActive On ExpiresByType image/jpg "access 1 year" ExpiresByType image/jpeg "access 1 year" ExpiresByType image/gif "access 1 year" ExpiresByType image/png "access 1 year" ExpiresByType image/webp "access 1 year" ExpiresByType text/css "access 1 month" ExpiresByType application/javascript "access 1 month" ExpiresByType text/html "access 1 hour" # --------------------------------------------------- # GZIP COMPRESSION # --------------------------------------------------- AddOutputFilterByType DEFLATE text/plain AddOutputFilterByType DEFLATE text/html AddOutputFilterByType DEFLATE text/css AddOutputFilterByType DEFLATE text/javascript AddOutputFilterByType DEFLATE application/javascript AddOutputFilterByType DEFLATE application/json AddOutputFilterByType DEFLATE application/xml # --------------------------------------------------- # HOTLINK PROTECTION # --------------------------------------------------- RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^https://(www\.)?tiriniti.com/ [NC] RewriteRule \.(jpg|jpeg|png|gif|webp)$ - [F] # --------------------------------------------------- # WORDPRESS CORE # --------------------------------------------------- # BEGIN WordPress RewriteEngine On RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] # END WordPress # --------------------------------------------------- # SECURITY HEADERS # --------------------------------------------------- Header set X-Content-Type-Options "nosniff" Header set X-XSS-Protection "1; mode=block" Header set X-Frame-Options "SAMEORIGIN" Header set Referrer-Policy "no-referrer-when-downgrade" Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"