
Hardening wordpress on IIS7+ web.config equivalent of .htaccess


Using the Better WP Security plugin's .htaccess rules and the URL Rewrite module's rule-import wizard in IIS Manager, I ended up with the web.config below. The converter carries Apache's semantics over literally, so the imported rules still need to be reviewed against IIS behaviour before they are trusted: for example, NTFS paths are case-insensitive, so any path rule left with ignoreCase="false" can be bypassed by changing the case of the URL.

This file includes:

  • usual wordpress rewrite
  • denying requests from blacklisted user agents (a nuisance filter only: the User-Agent header is client-supplied and trivially changed, so this is not a security boundary)
  • file leeching protection
  • blocking the TRACE, DELETE and TRACK request methods
  • forbidding direct access to wp-admin/includes/, to PHP files under wp-includes/ (except ms-files.php) and to wp-includes/theme-compat/

In addition, another tip: WordPress still works if you move wp-config.php one directory above the site root (do not keep it under /www/). WordPress looks in the parent of its install directory for wp-config.php (only when that parent does not also contain wp-settings.php), so the file holding the database credentials and secret keys sits outside the web root and cannot be served even if the PHP handler mapping is ever lost or misconfigured. Make sure that parent directory is not itself inside another site's document root, and that the application pool identity still has read access to it.

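<?xml version="1.0" encoding="UTF-8"?>
<!--
  web.config for a WordPress site on IIS 7+ (requires the URL Rewrite module).

  Imported from the Better WP Security .htaccess rules and then adjusted for IIS:
    * the deny rules come first and stop processing, so they always evaluate the
      original request URL rather than the "index.php" that the front-controller
      rule rewrites to;
    * the path-based deny rules use the default ignoreCase="true". NTFS paths are
      case-insensitive, so a case-sensitive rule (ignoreCase="false") would let a
      request through simply by changing the case of the path while IIS still
      serves the same file;
    * the ms-files.php exemption is expressed as a negative lookahead in the match
      pattern. The imported {SCRIPT_FILENAME} condition used "/" as separator and
      never matched a Windows physical path, so the exemption silently did nothing;
    * three HackRepair patterns were imported as "\.*" (a run of literal periods)
      where ".*" (anything) was intended; they are corrected below.

  The User-Agent blacklist is a nuisance filter only: the header is supplied by the
  client and trivially changed, so it must not be relied on as a security boundary.
-->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- # BEGIN Better WP Security -->
        <!-- # Begin HackRepair.com Blacklist -->
        <!-- # Abuse Agent Blocking -->
        <rule name="Abuse Agent Blocking from HackRepair.com" stopProcessing="true">
          <match url=".*" />
          <!-- Conditions default to ignoreCase="true"; any single match is enough. -->
          <conditions logicalGrouping="MatchAny">
            <add input="{HTTP_USER_AGENT}" pattern="^BlackWidow" />
            <add input="{HTTP_USER_AGENT}" pattern="^Bolt\ 0" />
            <add input="{HTTP_USER_AGENT}" pattern="^Bot\ mailto:craftbot\@yahoo\.com" />
            <add input="{HTTP_USER_AGENT}" pattern="CazoodleBot" />
            <add input="{HTTP_USER_AGENT}" pattern="^ChinaClaw" />
            <add input="{HTTP_USER_AGENT}" pattern="^Custo" />
            <add input="{HTTP_USER_AGENT}" pattern="^Default\ Browser\ 0" />
            <add input="{HTTP_USER_AGENT}" pattern="^DIIbot" />
            <add input="{HTTP_USER_AGENT}" pattern="^DISCo" />
            <add input="{HTTP_USER_AGENT}" pattern="discobot" />
            <add input="{HTTP_USER_AGENT}" pattern="^Download\ Demon" />
            <add input="{HTTP_USER_AGENT}" pattern="^eCatch" />
            <add input="{HTTP_USER_AGENT}" pattern="ecxi" />
            <add input="{HTTP_USER_AGENT}" pattern="^EirGrabber" />
            <add input="{HTTP_USER_AGENT}" pattern="^EmailCollector" />
            <add input="{HTTP_USER_AGENT}" pattern="^EmailSiphon" />
            <add input="{HTTP_USER_AGENT}" pattern="^EmailWolf" />
            <add input="{HTTP_USER_AGENT}" pattern="^Express\ WebPictures" />
            <add input="{HTTP_USER_AGENT}" pattern="^ExtractorPro" />
            <add input="{HTTP_USER_AGENT}" pattern="^EyeNetIE" />
            <add input="{HTTP_USER_AGENT}" pattern="^FlashGet" />
            <add input="{HTTP_USER_AGENT}" pattern="^GetRight" />
            <add input="{HTTP_USER_AGENT}" pattern="^GetWeb!" />
            <add input="{HTTP_USER_AGENT}" pattern="^Go!Zilla" />
            <add input="{HTTP_USER_AGENT}" pattern="^Go-Ahead-Got-It" />
            <add input="{HTTP_USER_AGENT}" pattern="^GrabNet" />
            <add input="{HTTP_USER_AGENT}" pattern="^Grafula" />
            <add input="{HTTP_USER_AGENT}" pattern="GT::WWW" />
            <add input="{HTTP_USER_AGENT}" pattern="heritrix" />
            <add input="{HTTP_USER_AGENT}" pattern="^HMView" />
            <add input="{HTTP_USER_AGENT}" pattern="HTTP::Lite" />
            <add input="{HTTP_USER_AGENT}" pattern="HTTrack" />
            <add input="{HTTP_USER_AGENT}" pattern="ia_archiver" />
            <add input="{HTTP_USER_AGENT}" pattern="IDBot" />
            <add input="{HTTP_USER_AGENT}" pattern="id-search" />
            <add input="{HTTP_USER_AGENT}" pattern="id-search\.org" />
            <add input="{HTTP_USER_AGENT}" pattern="^Image\ Stripper" />
            <add input="{HTTP_USER_AGENT}" pattern="^Image\ Sucker" />
            <add input="{HTTP_USER_AGENT}" pattern="Indy\ Library" />
            <add input="{HTTP_USER_AGENT}" pattern="^InterGET" />
            <add input="{HTTP_USER_AGENT}" pattern="^Internet\ Ninja" />
            <add input="{HTTP_USER_AGENT}" pattern="^InternetSeer\.com" />
            <add input="{HTTP_USER_AGENT}" pattern="IRLbot" />
            <add input="{HTTP_USER_AGENT}" pattern="ISC\ Systems\ iRc\ Search\ 2\.1" />
            <!-- NOTE: "^Java" also blocks legitimate Java-based HTTP clients and monitors. -->
            <add input="{HTTP_USER_AGENT}" pattern="^Java" />
            <add input="{HTTP_USER_AGENT}" pattern="^JetCar" />
            <add input="{HTTP_USER_AGENT}" pattern="^JOC\ Web\ Spider" />
            <add input="{HTTP_USER_AGENT}" pattern="^larbin" />
            <add input="{HTTP_USER_AGENT}" pattern="^LeechFTP" />
            <add input="{HTTP_USER_AGENT}" pattern="libwww" />
            <add input="{HTTP_USER_AGENT}" pattern="libwww-perl" />
            <add input="{HTTP_USER_AGENT}" pattern="^Link" />
            <add input="{HTTP_USER_AGENT}" pattern="LinksManager.com_bot" />
            <add input="{HTTP_USER_AGENT}" pattern="linkwalker" />
            <add input="{HTTP_USER_AGENT}" pattern="lwp-trivial" />
            <add input="{HTTP_USER_AGENT}" pattern="^Mass\ Downloader" />
            <add input="{HTTP_USER_AGENT}" pattern="^Maxthon$" />
            <add input="{HTTP_USER_AGENT}" pattern="MFC_Tear_Sample" />
            <add input="{HTTP_USER_AGENT}" pattern="^microsoft\.url" />
            <add input="{HTTP_USER_AGENT}" pattern="Microsoft\ URL\ Control" />
            <add input="{HTTP_USER_AGENT}" pattern="^MIDown\ tool" />
            <add input="{HTTP_USER_AGENT}" pattern="^Mister\ PiX" />
            <add input="{HTTP_USER_AGENT}" pattern="Missigua\ Locator" />
            <!-- Imported as "^Mozilla\.*Indy" / "^Mozilla\.*NEWT": "\.*" only matches literal periods. -->
            <add input="{HTTP_USER_AGENT}" pattern="^Mozilla.*Indy" />
            <add input="{HTTP_USER_AGENT}" pattern="^Mozilla.*NEWT" />
            <add input="{HTTP_USER_AGENT}" pattern="^MSFrontPage" />
            <add input="{HTTP_USER_AGENT}" pattern="^Navroad" />
            <add input="{HTTP_USER_AGENT}" pattern="^NearSite" />
            <add input="{HTTP_USER_AGENT}" pattern="^NetAnts" />
            <add input="{HTTP_USER_AGENT}" pattern="^NetSpider" />
            <add input="{HTTP_USER_AGENT}" pattern="^Net\ Vampire" />
            <add input="{HTTP_USER_AGENT}" pattern="^NetZIP" />
            <add input="{HTTP_USER_AGENT}" pattern="^Nutch" />
            <add input="{HTTP_USER_AGENT}" pattern="^Octopus" />
            <add input="{HTTP_USER_AGENT}" pattern="^Offline\ Explorer" />
            <add input="{HTTP_USER_AGENT}" pattern="^Offline\ Navigator" />
            <add input="{HTTP_USER_AGENT}" pattern="^PageGrabber" />
            <add input="{HTTP_USER_AGENT}" pattern="panscient.com" />
            <add input="{HTTP_USER_AGENT}" pattern="^Papa\ Foto" />
            <add input="{HTTP_USER_AGENT}" pattern="^pavuk" />
            <add input="{HTTP_USER_AGENT}" pattern="PECL::HTTP" />
            <add input="{HTTP_USER_AGENT}" pattern="^PeoplePal" />
            <add input="{HTTP_USER_AGENT}" pattern="^pcBrowser" />
            <add input="{HTTP_USER_AGENT}" pattern="PHPCrawl" />
            <add input="{HTTP_USER_AGENT}" pattern="PleaseCrawl" />
            <add input="{HTTP_USER_AGENT}" pattern="^psbot" />
            <add input="{HTTP_USER_AGENT}" pattern="^RealDownload" />
            <add input="{HTTP_USER_AGENT}" pattern="^ReGet" />
            <add input="{HTTP_USER_AGENT}" pattern="^Rippers\ 0" />
            <add input="{HTTP_USER_AGENT}" pattern="SBIder" />
            <add input="{HTTP_USER_AGENT}" pattern="^SeaMonkey$" />
            <add input="{HTTP_USER_AGENT}" pattern="^sitecheck\.internetseer\.com" />
            <add input="{HTTP_USER_AGENT}" pattern="^SiteSnagger" />
            <add input="{HTTP_USER_AGENT}" pattern="^SmartDownload" />
            <add input="{HTTP_USER_AGENT}" pattern="Snoopy" />
            <add input="{HTTP_USER_AGENT}" pattern="Steeler" />
            <add input="{HTTP_USER_AGENT}" pattern="^SuperBot" />
            <add input="{HTTP_USER_AGENT}" pattern="^SuperHTTP" />
            <add input="{HTTP_USER_AGENT}" pattern="^Surfbot" />
            <add input="{HTTP_USER_AGENT}" pattern="^tAkeOut" />
            <add input="{HTTP_USER_AGENT}" pattern="^Teleport\ Pro" />
            <add input="{HTTP_USER_AGENT}" pattern="^Toata\ dragostea\ mea\ pentru\ diavola" />
            <add input="{HTTP_USER_AGENT}" pattern="URI::Fetch" />
            <add input="{HTTP_USER_AGENT}" pattern="urllib" />
            <add input="{HTTP_USER_AGENT}" pattern="User-Agent" />
            <add input="{HTTP_USER_AGENT}" pattern="^VoidEYE" />
            <add input="{HTTP_USER_AGENT}" pattern="^Web\ Image\ Collector" />
            <add input="{HTTP_USER_AGENT}" pattern="^Web\ Sucker" />
            <add input="{HTTP_USER_AGENT}" pattern="Web\ Sucker" />
            <add input="{HTTP_USER_AGENT}" pattern="webalta" />
            <add input="{HTTP_USER_AGENT}" pattern="^WebAuto" />
            <add input="{HTTP_USER_AGENT}" pattern="^[Ww]eb[Bb]andit" />
            <add input="{HTTP_USER_AGENT}" pattern="WebCollage" />
            <add input="{HTTP_USER_AGENT}" pattern="^WebCopier" />
            <add input="{HTTP_USER_AGENT}" pattern="^WebFetch" />
            <add input="{HTTP_USER_AGENT}" pattern="^WebGo\ IS" />
            <add input="{HTTP_USER_AGENT}" pattern="^WebLeacher" />
            <add input="{HTTP_USER_AGENT}" pattern="^WebReaper" />
            <add input="{HTTP_USER_AGENT}" pattern="^WebSauger" />
            <add input="{HTTP_USER_AGENT}" pattern="^Website\ eXtractor" />
            <add input="{HTTP_USER_AGENT}" pattern="^Website\ Quester" />
            <add input="{HTTP_USER_AGENT}" pattern="^WebStripper" />
            <add input="{HTTP_USER_AGENT}" pattern="^WebWhacker" />
            <add input="{HTTP_USER_AGENT}" pattern="^WebZIP" />
            <add input="{HTTP_USER_AGENT}" pattern="Wells\ Search\ II" />
            <add input="{HTTP_USER_AGENT}" pattern="WEP\ Search" />
            <add input="{HTTP_USER_AGENT}" pattern="^Wget" />
            <add input="{HTTP_USER_AGENT}" pattern="^Widow" />
            <add input="{HTTP_USER_AGENT}" pattern="^WWW-Mechanize" />
            <add input="{HTTP_USER_AGENT}" pattern="^WWWOFFLE" />
            <add input="{HTTP_USER_AGENT}" pattern="^Xaldon\ WebSpider" />
            <add input="{HTTP_USER_AGENT}" pattern="zermelo" />
            <add input="{HTTP_USER_AGENT}" pattern="^Zeus" />
            <!-- Imported as "^Zeus\.*Webster"; see the Mozilla entries above. -->
            <add input="{HTTP_USER_AGENT}" pattern="^Zeus.*Webster" />
            <add input="{HTTP_USER_AGENT}" pattern="ZyBorg" />
          </conditions>
          <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
        </rule>
        <!-- # End HackRepair.com Blacklist -->

        <!-- wp-admin/includes/ holds admin-only library code that is never meant to be requested directly. -->
        <rule name="Deny wp-admin/includes" stopProcessing="true">
          <match url="^wp-admin/includes/" />
          <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
        </rule>

        <!--
          Deny direct requests for PHP files directly under wp-includes/.
          ms-files.php is exempted because multisite installs serve uploads through it;
          on a single-site install the lookahead can be dropped to block it too.
        -->
        <rule name="Deny wp-includes PHP files" stopProcessing="true">
          <match url="^wp-includes/(?!ms-files\.php$)[^/]+\.php$" />
          <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
        </rule>

        <rule name="Deny wp-includes TinyMCE language files" stopProcessing="true">
          <match url="^wp-includes/js/tinymce/langs/.+\.php" />
          <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
        </rule>

        <rule name="Deny wp-includes/theme-compat" stopProcessing="true">
          <match url="^wp-includes/theme-compat/" />
          <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
        </rule>

        <!--
          Reject TRACE, DELETE and TRACK for every URL. IIS Request Filtering
          (system.webServer/security/requestFiltering/verbs) can enforce the same policy
          natively without the URL Rewrite module; this rule keeps parity with the
          .htaccess source.
        -->
        <rule name="Deny TRACE, DELETE and TRACK methods" stopProcessing="true">
          <match url=".*" />
          <conditions>
            <add input="{REQUEST_METHOD}" pattern="^(TRACE|DELETE|TRACK)" />
          </conditions>
          <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
        </rule>
        <!-- # END Better WP Security -->

        <!--
          WordPress front controller: anything that is not an existing file or directory
          is handed to index.php. It is deliberately the last rule so the deny rules above
          always match against the original request path.
        -->
        <rule name="wordpress" patternSyntax="Wildcard" stopProcessing="true">
          <match url="*" />
          <conditions>
            <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
            <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
          </conditions>
          <action type="Rewrite" url="index.php" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>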