.htaccess securiy tips for your Wordpress site

MooseLucifer

Well-known member
Registered
Joined
May 20, 2016
Messages
149
Points
28
Currently WordPress is the most widely used today with many websites built on this platform. Because it is easy to use and install, also for this reason that the security for WordPress sites are made becomes more difficult. However, through this post, I will share with you 3 easy tips to help you secure your Wordpress blog.

3 tips to secure your Wordpress with .htaccess

Here are 3 important files/folders in WordPress that you should protect

1. wp-config.php
2. wp-contents folder
3. .htaccess file
Secure your wp-config.php file

wp-config.php is file in root folder, it stores information about your website, also databases. This is very important file that you can not allow other people know. So, you need to protect wp-config.php for viewing.

Code:
<Files wp-config.php>
order allow,deny
deny from all
</Files>
No directory browsing

WordPress is so popular hence everyone can know its folder and files structure hence we can make the folder view as public as following

Code:
Options All -Indexes
Protect your wp-content

wp-content folder contains the images, themes and plug-ins folder and it is very important so that we can prevent external access as follows:

Code:
Order deny,allow
Deny from all
<Files ~ ".(xml|css|jpe?g|png|gif|js)$">
Allow from all
</Files>
Protect your .htaccess file

The code below will prevent all who view any files on your website starts with "hta"

Code:
<Files ~ "^.*.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>
I hope with these tips you will be able to secure for yourself or your blog site and looking forward to hearing other tips on how to secure our Wordpress site.

Good luck!
 

UWH-David

Member
Registered
Joined
Jan 18, 2016
Messages
45
Points
8
You can also go a step further by restricting access to the admin area:

Code:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^IP Address One$
RewriteCond %{REMOTE_ADDR} !^IP Address Two$
RewriteCond %{REMOTE_ADDR} !^IP Address Three$
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>
 
Recommended Threads

Latest Hosting OffersNew Reviews

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top