adding more from the html5 boilerplate .htaccess (remember to use wp-super-cache to control expires)

includes/roots-htaccess.php

@@ -148,6 +148,48 @@ function roots_add_htaccess($rules) {
 	$rules .= "\n</IfModule>";
 	$rules .= "\n";
 	$rules .= "\n";
+	$rules .= "\n";
+	$rules .= "\n# ----------------------------------------------------------------------";
+	$rules .= "\n# Stop screen flicker in IE on CSS rollovers";
+	$rules .= "\n# ----------------------------------------------------------------------";
+	$rules .= "\n";
+	$rules .= "\n# The following directives stop screen flicker in IE on CSS rollovers - in";
+	$rules .= "\n# combination with the \"ExpiresByType\" rules for images (see above). If";
+	$rules .= "\n# needed, un-comment the following rules.";
+	$rules .= "\n";
+	$rules .= "\n# BrowserMatch \"MSIE\" brokenvary=1";
+	$rules .= "\n# BrowserMatch \"Mozilla/4.[0-9]{2}\" brokenvary=1";
+	$rules .= "\n# BrowserMatch \"Opera\" !brokenvary";
+	$rules .= "\n# SetEnvIf brokenvary 1 force-no-vary";
+	$rules .= "\n";
+	$rules .= "\n";
+	$rules .= "\n";
+	$rules .= "\n# ----------------------------------------------------------------------";
+	$rules .= "\n# Prevent SSL cert warnings";
+	$rules .= "\n# ----------------------------------------------------------------------";
+	$rules .= "\n";
+	$rules .= "\n# Rewrite secure requests properly to prevent SSL cert warnings, e.g. prevent ";
+	$rules .= "\n# https://www.domain.com when your cert only allows https://secure.domain.com";
+	$rules .= "\n# Uncomment the following lines to use this feature.";
+	$rules .= "\n";
+	$rules .= "\n# <IfModule mod_rewrite.c>";
+	$rules .= "\n#   RewriteCond %{SERVER_PORT} !^443";
+	$rules .= "\n#   RewriteRule (.*) https://example-domain-please-change-me.com/$1 [R=301,L]";
+	$rules .= "\n# </IfModule>";
+	$rules .= "\n";
+	$rules .= "\n";
+	$rules .= "\n";
+	$rules .= "\n# ----------------------------------------------------------------------";
+	$rules .= "\n# Prevent 404 errors for non-existing redirected folders";
+	$rules .= "\n# ----------------------------------------------------------------------";
+	$rules .= "\n";
+	$rules .= "\n# without -MultiViews, Apache will give a 404 for a rewrite if a folder of the same name does not exist ";
+	$rules .= "\n#   e.g. /blog/hello : webmasterworld.com/apache/3808792.htm";
+	$rules .= "\n";
+	$rules .= "\nOptions -MultiViews ";
+	$rules .= "\n";
+	$rules .= "\n";
+	$rules .= "\n";
 	$rules .= "\n# ----------------------------------------------------------------------";
 	$rules .= "\n# UTF-8 encoding";
 	$rules .= "\n# ----------------------------------------------------------------------";
@@ -158,6 +200,54 @@ function roots_add_htaccess($rules) {
 	$rules .= "\n# force utf-8 for a number of file formats";
 	$rules .= "\nAddCharset utf-8 .html .css .js .xml .json .rss";
 	$rules .= "\n";
+	$rules .= "\n";
+	$rules .= "\n";
+	$rules .= "\n# ----------------------------------------------------------------------";
+	$rules .= "\n# A little more security";
+	$rules .= "\n# ----------------------------------------------------------------------";
+	$rules .= "\n";
+	$rules .= "\n";
+	$rules .= "\n# Do we want to advertise the exact version number of Apache we're running?";
+	$rules .= "\n# Probably not.";
+	$rules .= "\n## This can only be enabled if used in httpd.conf - It will not work in .htaccess";
+	$rules .= "\n# ServerTokens Prod";
+	$rules .= "\n";
+	$rules .= "\n";
+	$rules .= "\n# \"-Indexes\" will have Apache block users from browsing folders without a default document";
+	$rules .= "\n# Usually you should leave this activated, because you shouldn't allow everybody to surf through";
+	$rules .= "\n# every folder on your server (which includes rather private places like CMS system folders).";
+	$rules .= "\nOptions -Indexes";
+	$rules .= "\n";
+	$rules .= "\n";
+	$rules .= "\n# Block access to \"hidden\" directories whose names begin with a period. This";
+	$rules .= "\n# includes directories used by version control systems such as Subversion or Git.";
+	$rules .= "\n<IfModule mod_rewrite.c>";
+	$rules .= "\n  RewriteRule \"(^|/)\.\" - [F]";
+	$rules .= "\n</IfModule>";
+	$rules .= "\n";
+	$rules .= "\n";
+	$rules .= "\n# If your server is not already configured as such, the following directive";
+	$rules .= "\n# should be uncommented in order to set PHP's register_globals option to OFF.";
+	$rules .= "\n# This closes a major security hole that is abused by most XSS (cross-site";
+	$rules .= "\n# scripting) attacks. For more information: http://php.net/register_globals";
+	$rules .= "\n#";
+	$rules .= "\n# IF REGISTER_GLOBALS DIRECTIVE CAUSES 500 INTERNAL SERVER ERRORS :";
+	$rules .= "\n#";
+	$rules .= "\n# Your server does not allow PHP directives to be set via .htaccess. In that";
+	$rules .= "\n# case you must make this change in your php.ini file instead. If you are";
+	$rules .= "\n# using a commercial web host, contact the administrators for assistance in";
+	$rules .= "\n# doing this. Not all servers allow local php.ini files, and they should";
+	$rules .= "\n# include all PHP configurations (not just this one), or you will effectively";
+	$rules .= "\n# reset everything to PHP defaults. Consult www.php.net for more detailed";
+	$rules .= "\n# information about setting PHP directives.";
+	$rules .= "\n";
+	$rules .= "\n# php_flag register_globals Off";
+	$rules .= "\n";
+	$rules .= "\n";
+	$rules .= "\n# Increase cookie security";
+	$rules .= "\n<IfModule php5_module>";
+	$rules .= "\n  php_value session.cookie_httponly true";
+	$rules .= "\n</IfModule>";
 	
 	return $rules;
 }