# BEGIN WordPress RewriteEngine On RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] # END WordPress # Forzar HTTPS RewriteCond %{HTTPS} off RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # Headers de Seguridad Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" Header always set Content-Security-Policy "default-src 'self'; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' https:; connect-src 'self' https:; font-src 'self' data: https:; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests;" Header always set X-XSS-Protection "1; mode=block" Header always set X-Content-Type-Options "nosniff" Header always set X-Frame-Options "SAMEORIGIN" Header always set Referrer-Policy "strict-origin-when-cross-origin" Header always set Permissions-Policy "accelerometer=(), camera=(), geolocation=(), microphone=()" # Handler PHP AddHandler application/x-httpd-ea-php81___lsphp .php .php8 .phtml # Proteger archivos importantes Require all denied Require all denied # Deshabilitar listado de directorios Options -Indexes # Bloquear archivos sensibles Require all denied # Proteger wp-includes RewriteEngine On RewriteRule ^wp-admin/includes/ - [F,L] RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] # Bloquear XMLRPC si no se usa Require all denied # Limitar tamaño de subida (~10 MB) LimitRequestBody 10240000 Orix archivos - Almacenes Continente