Get exclusive CAP network offers from top brands

View CAP Offers

Reply To: Website hacked? What to do?

[bsa_pro_ad_space id=2]
#832065
gokken
Member

@byebyebaby 249779 wrote:

but do those plugins not slow down my website a lot?

Every plugin will degrade performance a little.

However given you’ve already been hacked, I’d be more concerned about taking steps to stop being hacked again and less concerned about a few seconds of extra load time, which can be reduced by implementing gzip compression for example.

This is not html!
Add it to your first line in your .htacess file.

[HTML]
# BEGIN Compress text files

AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/css text/javascript application/javascript application/x-javascript application/x-httpd-php

# END Compress text files

# BEGIN Expire headers

ExpiresActive On
ExpiresDefault “access plus 5 seconds”
ExpiresByType image/x-icon “access plus 2592000 seconds”
ExpiresByType image/jpeg “access plus 2592000 seconds”
ExpiresByType image/png “access plus 2592000 seconds”
ExpiresByType image/gif “access plus 2592000 seconds”
ExpiresByType application/x-shockwave-flash “access plus 2592000 seconds”
ExpiresByType text/css “access plus 6048000 seconds”
ExpiresByType text/javascript “access plus 2160000 seconds”
ExpiresByType application/javascript “access plus 2160000 seconds”
ExpiresByType application/x-javascript “access plus 2160000 seconds”
ExpiresByType text/html “access plus 600 seconds”
ExpiresByType application/xhtml+xml “access plus 600 seconds”

# END Expire headers

# BEGIN Cache-Control Headers

Header set Cache-Control “public”

Header set Cache-Control “public”

Header set Cache-Control “private”

Header set Cache-Control “private, must-revalidate”

# END Cache-Control Headers
[/HTML]

Next I’d recommend adding this to your htaccess file:

[HTML]

order allow,deny
deny from all

RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ – [F,L]
[/HTML]

To save adding a blank html/php page to every directory, you can use this to prevent anyone seeing what’s in a directory. Bare in mind this can cause a 500 error as it doesn’t work on all hosting. So it’s a add it and check thing.:

[HTML]
Options All -Indexes
[/HTML]