MaxCDN htaccess code – how and where to add MaxCDN htaccess code

Home Forums BulletProof Security Pro MaxCDN htaccess code – how and where to add MaxCDN htaccess code

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
  • #12765
    AITpro Admin

    Email Question:

    Hope you are doing well. I installed MaxCDN for my site. To avoid SEO issues, they suggested to add the following code. Where should I put it? Thank you.  Below is the example of htaccess code you should be using to send canonical header to CDN when origin domain is “”:

    <FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf|webp|html)(\.gz)?(\?.*)?$">
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule .* - [E=CANONICAL:http://%{HTTP_HOST}%{REQUEST_URI},NE]
    RewriteCond %{HTTPS} =on
    RewriteRule .* - [E=CANONICAL:https://%{HTTP_HOST}%{REQUEST_URI},NE]
    <IfModule mod_headers.c>
    Header set Link "<%{CANONICAL}e>; rel=\"canonical\""
    AITpro Admin

    IMPORTANT Note: The MaxCDN help page here: may contain newer htaccess code for MaxCDN so please check the link above instead of using the MaxCDN htaccess code posted in this forum topic.

    I believe the best place for this MaxCDN htaccess code would be in this BPS Root Custom Code text box:  CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE and it should be added BEFORE any htaccess cache code in that text box (if you have any caching code in that text box).

    After copying and pasting the MaxCDN htaccess code into this Custom Code text box, click the Save Root Custom Code button, go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.


    added maxcdn to my site and shortly after i noticed bps pro was sending wp-config to quarantine.
    my process to “fix”:
    1. turn auto restore off, save
    2. add exclude wp file rule with the file’s path, save
    3. run the 4 auto restore backups
    4. activate root folder bp mode
    5. activate wp-admin bp mode
    6. turn auto restore back on, save
    7. restore wp-config from quarantine

    is this process correct? is my wp-config file still secure?
    thank you

    AITpro Admin

    @ armintz – I was not aware that MaxCDN added anything to the wp-config.php file, but for all plugins or anything else that writes to WP files you would just use these AutoRestore|Quarantine Standard Procedural Steps:


    is my wp-config vulnerable with the exclude rule that i’ve applied?

    AITpro Admin

    @ armintz – Well you would want AutoRestore to be able to check your wp-config.php file regularly on an ongoing basis since the wp-config.php file is one of the primary attack vectors/targets for hackers.  So it is ok to temporarily exclude the wp-config.php file from being checked by AutoRestore, but long term you would not want to exclude the wp-config.php file from being checked by AutoRestore.  Recommendation:  Turn Off AutoRestore, remove/delete the wp-config.php single file exclude rule you created, click the AutoRestore Root Files Backup button and turn AutoRestore back On.

Viewing 6 posts - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.