{"id":2053,"date":"2021-04-03T18:41:53","date_gmt":"2021-04-03T13:41:53","guid":{"rendered":"http:\/\/pclearnings.com\/?p=2053"},"modified":"2021-04-03T18:41:53","modified_gmt":"2021-04-03T13:41:53","slug":"wordpress-security-with-htaccess-file","status":"publish","type":"post","link":"https:\/\/pclearnings.com\/wordpress-security-with-htaccess-file\/","title":{"rendered":"WordPress Security with .HTACCESS File | Secure Your Blog"},"content":{"rendered":"

\"\"<\/a><\/p>\n

WordPress is the world’s most popular CMS with over 60 % market share. WordPress is a powerful blogging CMS but what about security ?, some thousands of WordPress websites getting hack by hackers. Here learn how to Protect and Secure your WordPress website with .htaccess file.<\/p>\n

WordPress website hacked what to do next, here WordPress security is a most important topic. Before happening it, protect your WordPress site with the custom .htaccess file.<\/p>\n

Where to Find WordPress .htaccess File<\/span><\/h2>\n

Locate your WordPress website .htaccess file location in cPanel and as well as in WordPress admin dashboard.<\/p>\n

    \n
  1. Find it in the root of your website using C panel<\/li>\n
  2. Edit it using WordPress SEO plugin by Yoast under Edit files section.<\/li>\n<\/ol>\n

    Note<\/strong>: If you are not using WordPress SEO by Yoast plugin, then edit .htaccess file through C panel.<\/p>\n

    Default .htaccess File<\/span><\/h2>\n

    Typically, the WordPress .htaccess file looks like the following. To secure your WordPress site have to add more code snippets. Don’t delete default WordPress htaccess file functions.<\/p>\n

    # BEGIN WordPress\n&lt;IfModule mod_rewrite.c&gt;\nRewriteEngine On\nRewriteBase \/\nRewriteRule ^index\\.php$ - [L]\nRewriteCond %{REQUEST_FILENAME} !-f\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule . \/index.php [L]\n&lt;\/IfModule&gt;\n# END WordPress<\/code><\/pre>\n
    WordPress Security with .htaccess File<\/h2>\n
    1. How to Protect wp-config.php file With .htaccess File<\/span><\/h4>\n
    Wp-config.php is the file in your root directory which stores the important information about your website and as well as website complete databases passwords. Protect Wp-config.php\u00a0with the following snippet.<\/p>\n
    &lt;files wp-config.php&gt;\norder allow,deny\ndeny from all\n&lt;\/files&gt;<\/code><\/pre>\n
    2. How to Limit Directory Browsing Using .htaccess File<\/span><\/h4>\n
    Due to a huge number of WordPress plugins availability, hackers try to discover plugins installed in your website and\u00a0they can easily find other required information through files, so protect and limit directory browsing with the following code snippets.<\/p>\n
    # directory browsing\nOptions All -Indexes<\/code><\/pre>\n
    3. How to Protect wp-content Directory using .htaccess File<\/span><\/h4>\n
    The following code allows search engines to cache images, CSS, javascript and XML files, but deny it for any other type. By Default, all major search engines like Google, Yahoo, and Bing will cache your WordPress Plugins and Themes, it will increase your server response time. So restrict them by adding the following code to your WordPress .htaccess file.<\/p>\n
    order deny,allow\ndeny from all\n&lt;files ~ \".(xml|css|jpe?g|png|gif|js)$\"&gt;\nallow from all\n&lt;\/files&gt;<\/code><\/pre>\n
    4.How to Disable Hotlinking Using .htaccess File<\/span><\/h4>\n
    Smart guys will use your images and videos and keeps the pressure on the server, which causes data storage and bandwidth problems. So prevent or disable hotlinking from any other websites by using the following code.<\/p>\n
    RewriteEngine on\nRewriteCond %{HTTP_REFERER} !^$\nRewriteCond %{HTTP_REFERER} !^http(s)?:\/\/(www\\.)?YourDomain [NC]\nRewriteRule \\.(jpg|jpeg|png|gif)$ - [NC,F,L]<\/code><\/pre>\n
    Replace your domain with your website address<\/p>\n
    5. How To Restrict Admin Access From One IP Adress Only Using .htaccess<\/span><\/h4>\n
    you can limit someone who can access your admin folder by IP address by adding the following code snippet.<\/p>\n
    # Limit logins and admin by IP\n# this goes in the \/admin folder NOT root folder .htaccess\n&lt;Limit GET POST PUT&gt;\norder deny,allow\ndeny from all\nallow from 12.34.56.78\n&lt;\/Limit&gt;<\/code><\/pre>\n
    Replace\u00a012.34.56.78 with your own IP address.<\/p>\n
    6. How to Protect Specific File Using .htaccess File<\/span><\/h4>\n
    Sometimes you may want to protect the individual or specific file instead of the entire\u00a0folder. Add the following snippet into .htaccess file easily for individual file protection.<\/p>\n
    # Protect the .htaccess\n&lt;files .htaccess=\"\"&gt;\norder allow,deny\ndeny from all\n&lt;\/files&gt;<\/code><\/pre>\n
    7. How To Ban Specific IP address Using .htaccess File<\/span><\/h4>\n
    In order to ban bad users, who\u00a0brute force your admin pages than ban them by IP address.<\/p>\n
    &lt;Limit GET POST&gt;\norder allow,deny\ndeny from 202.090.21.1\ndeny from 204.090.21.2\nallow from all\n&lt;\/Limit&gt;<\/code><\/pre>\n
    8. How To Protect .htaccess File Iteself<\/span><\/h4>\n
    All the above methods will help to secure and protect your WordPress plugins, themes, Files and other valuable databases. even though, the .htaccess file is still opened. So Protect \u00a0.htaccessItself to stop anyone scans the files which begin with \u201chta\u201d by adding the following code snippet.<\/p>\n
    &lt;files ~ \"^.*\\.([Hh][Tt][Aa])\"&gt;\norder allow,deny\ndeny from all\nsatisfy all\n&lt;\/files&gt;<\/code><\/pre>\n
    If you face any problem while adding the code to your WordPress .htaccess file, let me know in the comment section. I will help you with my best efforts to solve your problem<\/p>\n","protected":false},"excerpt":{"rendered":"
    WordPress is the world’s most popular CMS with over 60 % market share. WordPress is a powerful blogging CMS but what about security ?, some thousands of WordPress websites getting hack by hackers. Here learn how to Protect and Secure your WordPress website with .htaccess file. WordPress website hacked what to do next, here WordPress […]<\/p>\n","protected":false},"author":1,"featured_media":9356,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[47],"tags":[],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"https:\/\/pclearnings.com\/wp-content\/uploads\/2021\/08\/htaccess-1.jpg","_links":{"self":[{"href":"https:\/\/pclearnings.com\/wp-json\/wp\/v2\/posts\/2053"}],"collection":[{"href":"https:\/\/pclearnings.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pclearnings.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pclearnings.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pclearnings.com\/wp-json\/wp\/v2\/comments?post=2053"}],"version-history":[{"count":0,"href":"https:\/\/pclearnings.com\/wp-json\/wp\/v2\/posts\/2053\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pclearnings.com\/wp-json\/wp\/v2\/media\/9356"}],"wp:attachment":[{"href":"https:\/\/pclearnings.com\/wp-json\/wp\/v2\/media?parent=2053"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pclearnings.com\/wp-json\/wp\/v2\/categories?post=2053"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pclearnings.com\/wp-json\/wp\/v2\/tags?post=2053"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}