# BEGIN Cloudflare IPv4 Address Ranges
<IfModule mod_authz_core.c>
<RequireAny>
Require local
Require ip 103.21.244.0/22
Require ip 103.22.200.0/22
Require ip 103.31.4.0/22
Require ip 104.16.0.0/12
Require ip 108.162.192.0/18
Require ip 141.101.64.0/18
Require ip 162.158.0.0/15
Require ip 172.64.0.0/13
Require ip 173.245.48.0/20
Require ip 188.114.96.0/20
Require ip 190.93.240.0/20
Require ip 197.234.240.0/22
Require ip 198.41.128.0/17
Require ip 199.27.128.0/21
</RequireAny>
</IfModule>
# END Cloudflare IPv4 Address Ranges
htaccess: deny access to certain files extensions
# Apache v2.4
# Deny access to files with extensions .sql, .gz, .zip
<FilesMatch "\.(sql|gz|zip)$">
Require all denied
</FilesMatch>
# Deny access to files with extensions .sql, .gz, .zip, .tar, 7z
<FilesMatch "\.(sql|gz|zip|tar|7z)$">
Require all denied
</FilesMatch>
# Apache v2.2
# Deny access to files with extensions .sql, .gz, .zip
<FilesMatch "\.(sql|gz|zip)$">
Order allow,deny
Deny from all
</FilesMatch>
# Deny access to files with extensions .sql, .gz, .zip, .tar, 7z
<FilesMatch "\.(sql|gz|zip|tar|7z)$">
Order allow,deny
Deny from all
</FilesMatch>
Cloudflare: no php in wp-content
(http.request.uri.path contains "/wp-content/" and http.request.uri.path contains ".php")
Cloudflare: block access to plugin folder
(http.request.uri.path contains "/wp-content/plugins/" and not http.referer contains "www.mydomain.com")
Remove REST API info from head and headers
// Remove REST API info from head and headers. remove_action( 'xmlrpc_rsd_apis', 'rest_output_rsd' ); remove_action( 'wp_head', 'rest_output_link_wp_head', 10 ); remove_action( 'template_redirect', 'rest_output_link_header', 11 );
Block Jetpack nag messages and promotions
// A filter to control all just in time messages. // @link jetpack/class.jetpack.php add_filter( 'jetpack_just_in_time_msgs', '__return_false', 20 ); add_filter( 'jetpack_just_in_time_msg_cache', '__return_false', 20 ); // Status of promotions visibility. // @link jetpack/_inc/lib/admin-pages/class.jetpack-react-page.php add_filter( 'jetpack_show_promotions', '__return_false', 20 );