WordPress Tutorials

Protect WordPress Sites with .htaccess

The Hypertext Access (.htaccess) file is a simple configuration file, placed in a directory of your site, that can be used to override the web server’s settings. With the right directives, you can enable or disable extra features and functionality to protect your website from hackers, spammers, and other kinds of threats.

Basic uses include simple redirects and restricting outside access to a given file or data; more advanced ones include preventing the hotlinking of images, password protection, etc.

Editing the .htaccess

When you enable WordPress’s permalinks, the .htaccess file is created automatically in the root directory of your WordPress installation. In addition, when WordPress writes to the .htaccess file, it places its rules between the # BEGIN WordPress and # END WordPress comments.

The ‘#’ character marks a line as a comment; such lines do not affect the website’s configuration. These files are quite powerful, and the smallest syntax error, like forgetting to put a ‘<’, will break the website. It is therefore critical that you keep a backup of the .htaccess file before you make any changes to it.

Some operating systems won’t allow you to create a file named .htaccess. The easiest way around this is to follow the steps below:

  • Open Notepad or a similar plain text editor and add the configuration commands
  • Save the file as a normal .txt file
  • Upload the file to the website
  • Once the file is uploaded, rename it to .htaccess

In addition, it is a good idea to refresh the website once the changes below are made, so that you can switch back to the old version of the .htaccess file if needed.

Defending the wp-config.php

This method concerns the wp-config.php file, which sits in the root directory of the WordPress installation. It holds the website’s base configuration, such as the database connection details, the WordPress security keys, etc.

This information is highly sensitive, and the file can be accessed through the site. You can secure the wp-config.php file by adding snippets to the .htaccess file. You will still be able to access the file yourself through cPanel, FTP, etc.
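
The page does not reproduce its snippet, so the following is an added example rather than the author's own code. It denies all web requests for wp-config.php and covers both the Apache 2.4 and the older Apache 2.2 access-control syntax.

```apache
# Root .htaccess. Keep this outside the "# BEGIN WordPress" / "# END WordPress"
# markers, because WordPress rewrites everything between them.

<Files "wp-config.php">
    # Apache 2.4 and later (mod_authz_core)
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>

    # Apache 2.2 fallback (Order/Deny syntax)
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>
```

After uploading, a browser request for /wp-config.php should be refused with 403 Forbidden, while the file stays readable over FTP or cPanel.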

Avoiding Directory Browsing

Preventing directories from being listed is a form of security through obscurity: it hides content from view and keeps meddling individuals from searching the directories. It is roughly equivalent to storing cash under the mattress. Even so, it is best practice to disable directory browsing alongside the other basic means of protecting the website. To disable directory browsing, you need to edit the .htaccess file.

To do this, you only need to add a single line to the .htaccess file in the root directory of your WordPress installation.

First, connect to your website and locate the hidden .htaccess file in the site’s root directory. If you cannot find it on the server, make sure your FTP client is working.

Second, download the .htaccess file to your desktop and open it in a text editor like Notepad so that you can edit it. Now add the line below at the bottom of the file:


Third, save your .htaccess file and upload it back to your server using the FTP client.

After these steps, directory browsing is disabled on your WordPress site, and anyone who tries to open a directory index on your website will be redirected to the WordPress 404 page.
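
The line referred to in the second step is missing from this page. The Apache directive that turns off directory listings is shown below as an added example, not the original page's snippet.

```apache
# Added at the bottom of the root .htaccess, after "# END WordPress".
# Disables mod_autoindex listings for this directory and every directory below it.
Options -Indexes

# Check after uploading: a directory that has no index file, such as
# /wp-content/uploads/, should no longer return an "Index of ..." listing.
```

If the host's AllowOverride setting does not permit Options in .htaccess, this line causes a 500 Internal Server Error on every request; restore the backup of the file in that case.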

Avoiding the Image Hot Linking

Bandwidth stealing, or hotlinking, occurs when someone links directly to images and files hosted on another person’s server, so that the bandwidth is consumed at that person’s expense. In addition, adding snippets to the .htaccess file will not prevent hotlinking to the website.
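
The usual .htaccess approach to hotlinking checks the Referer header with mod_rewrite; the block below is an added example, not the original page's snippet, and example.com is a placeholder for your own domain. The Referer header is supplied by the client, so the rule deters ordinary embedding on other sites rather than enforcing access.

```apache
# Root .htaccess, outside the WordPress markers.
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Let through requests with no Referer (direct visits, privacy tools that
    # strip the header); refusing them breaks legitimate viewers.
    RewriteCond %{HTTP_REFERER} !^$

    # Let through requests referred by the site itself, with or without "www.".
    # The trailing (/|$) stops look-alike hosts such as example.com.other.tld
    # from matching.
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com(/|$) [NC]

    # Any other request for an image file is answered with 403 Forbidden.
    RewriteRule \.(jpe?g|png|gif|webp)$ - [F,NC]
</IfModule>
```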

Preventing the Access to the Admin Area

There are various ways to protect the WordPress admin area, i.e. the wp-admin directory, from hackers. A basic method is available when your Internet connection has a fixed IP address and you access the website from the same location: create a brand new .htaccess file.

If your IP address changes, you can easily change the IP address in the file to the one you want. This allows you to access the admin area of the website and blocks everyone else. In addition, you will still be able to access the files through cPanel, FTP, etc.

Furthermore, you can add extra IP addresses for other administrators of the website, or for other locations from which you want to access it.

In short, editing the .htaccess file and creating new ones for subdirectories helps boost the security of the website.
