WordPress Security with .HTACCESS File | Secure Your Blog

WordPress is the world’s most popular CMS, with over 60% market share. It is a powerful blogging CMS, but what about security? Thousands of WordPress websites get hacked. Here you will learn how to protect and secure your WordPress website with the .htaccess file.

When a WordPress website is hacked, the question is what to do next, which is why WordPress security is such an important topic. Before that happens, protect your WordPress site with a custom .htaccess file.

WORDPRESS HTACCESS FILE LOCATION

You can locate your WordPress website's .htaccess file in cPanel as well as in the WordPress admin dashboard.

1. Find it in the root of your website using cPanel.

2. Edit it using the WordPress SEO plugin by Yoast, under the Edit files section.

Note: If you are not using the WordPress SEO by Yoast plugin, edit the .htaccess file through cPanel.

DEFAULT .HTACCESS FILE

Typically, the WordPress .htaccess file looks like the following. To secure your WordPress site you have to add more code snippets. Don’t delete the default WordPress .htaccess rules.

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

PROTECT WP-CONFIG.PHP

wp-config.php is the file in your root directory that stores important information about your website, including the database passwords. Protect wp-config.php with the following snippet.

<files wp-config.php>
order allow,deny
deny from all
</files>

LIMIT DIRECTORY BROWSING

Because a huge number of WordPress plugins are available, hackers try to discover which plugins are installed on your website, and they can easily find other information by browsing your files. Protect against this by limiting directory browsing with the following code snippet.

# Disable directory browsing.
# Only the -Indexes form is used: Apache 2.4 rejects an Options line
# that mixes plain options with +/- options.
Options -Indexes

PROTECT WP-CONTENT DIRECTORY

The following code allows search engines to cache images, CSS, JavaScript and XML files, but denies it for any other file type. By default, all major search engines like Google, Yahoo, and Bing will cache your WordPress plugins and themes, which will increase your server response time. So restrict them by adding the following code to your WordPress .htaccess file.

# The first two lines deny everything in the directory that holds this
# .htaccess, so use the .htaccess file inside wp-content.
order deny,allow
deny from all
# Re-allow static file types (the dot is escaped so it matches literally)
<files ~ "\.(xml|css|jpe?g|png|gif|js)$">
allow from all
</files>

DISABLE HOTLINKING

Smart guys will embed your images and videos on their own sites and keep the pressure on your server, which causes data storage and bandwidth problems. So prevent or disable hotlinking from any other website by using the following code.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?YourDomain [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]

Replace YourDomain with your website address.

RESTRICT ADMIN ACCESS FROM YOUR IP ONLY

You can limit who can access your admin folder by IP address by adding the following code snippet.

# Limit logins and admin by IP
# this goes in the /admin folder NOT root folder .htaccess
<Limit GET POST PUT>
order deny,allow
deny from all
allow from 12.34.56.78
</Limit>

Replace 12.34.56.78 with your own IP address.

SPECIFIC FILE PROTECTION

Sometimes you may want to protect an individual file instead of the entire folder. Add the following snippet to the .htaccess file for individual file protection.

# Protect the .htaccess
<files .htaccess>
order allow,deny
deny from all
</files>

BAN SPECIFIC IP

To ban bad users who brute force your admin pages, block them by IP address.

<Limit GET POST>
order allow,deny
deny from 202.090.21.1
deny from 204.090.21.2
allow from all
</Limit>

PROTECT .HTACCESS ITSELF

All of the above methods will help to secure and protect your WordPress plugins, themes, files and databases. Even so, the .htaccess file itself is still open. Protect .htaccess itself, and stop anyone from scanning files whose names begin with “hta”, by adding the following code snippet.

<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>
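
The access-control snippets above use the Apache 2.2 directives (order/allow/deny), which Apache 2.4 accepts only when mod_access_compat is loaded. As an added example (not part of the original post), here are the same protections written to work on either version; 12.34.56.78 is the post's placeholder address, and 203.0.113.5 and 198.51.100.7 are constructed documentation addresses standing in for banned clients.

```apache
# ---- Site root .htaccess ----
<IfModule mod_authz_core.c>
    # Apache 2.4+: "Require" replaces order/allow/deny
    <Files "wp-config.php">
        Require all denied
    </Files>
    # Covers .htaccess, .htpasswd and anything else starting with ".ht"
    <FilesMatch "^\.[Hh][Tt]">
        Require all denied
    </FilesMatch>
    # Ban list: everyone is allowed except the listed addresses
    <RequireAll>
        Require all granted
        Require not ip 203.0.113.5
        Require not ip 198.51.100.7
    </RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
    # Apache 2.2 fallback: the same rules in the old syntax
    <Files "wp-config.php">
        Order allow,deny
        Deny from all
    </Files>
    <FilesMatch "^\.[Hh][Tt]">
        Order allow,deny
        Deny from all
    </FilesMatch>
    Order allow,deny
    Allow from all
    Deny from 203.0.113.5
    Deny from 198.51.100.7
</IfModule>

# ---- Admin folder .htaccess (a separate file, not the root one) ----
<IfModule mod_authz_core.c>
    # Only the listed address may reach the admin folder, for every HTTP method
    Require ip 12.34.56.78
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    Allow from 12.34.56.78
</IfModule>
```

After saving, request wp-config.php and .htaccess in a browser and confirm both return 403 Forbidden; a 500 error means the server rejected a directive in the file.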

If you face any problem while adding the code to your WordPress .htaccess file, let me know.

About the author

Syed Moin Ali

Hello, my name is Syed Moin Ali and I am the founder of PC Learnings. Here on this blog I write about Blogging, SEO, Internet Tricks, Social Networking Sites, and Making Money.
