<Files "wp-login.php">
order deny,allow
allow from all
</Files>
Options -Indexes
# BEGIN WordPress
# As directivas (linhas) entre "BEGIN WordPress" e "END WordPress" são geradas
# dinamicamente e não deverão ser modificadas através de filtros do WordPress.
# Qualquer alteração às instruções entre estes marcadores será sobreposta.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# TORNAR O SITE SEGURO Security Headers com classificação A
<IfModule headers_module>
RequestHeader set X-HTTPS 1
Header set Referrer-Policy "no-referrer-when-downgrade"
</IfModule>
<IfModule mod_reqtimeout.c>
RequestReadTimeout header=20-40,MinRate=500 body=20-40,MinRate=500
</IfModule>
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options nosniff
<IfModule mod_headers.c>
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS
</IfModule>
Header always set Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()"