Add .htaccess for additional security to your WordPress website

Secure your WordPress site with .htaccess for an additional layer of security
In this section, we will concentrate on using your .htaccess file to deny access to your wp-config.php file and, if you wish, to your administration area, to disable directory browsing, and to secure the .htaccess file itself.
Editing or creating .htaccess files can greatly improve the security of your WordPress installation. Through this file we can restrict access to files and folders, perform redirects, disable directory browsing, and much more.
Edit your .htaccess file in a text editor and name it .htaccess.txt, as you will not be able to save a file named .htaccess on your local host. Then upload the file to your server and rename it to .htaccess through FTP or cPanel.

1. Write this code in your .htaccess file and save it.
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Requests for index.php itself pass through unchanged
RewriteRule ^index\.php$ - [L]
# Anything that is not an existing file or directory goes to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
You can edit the lines between the BEGIN WordPress and END WordPress lines.

2. Disable access to your wp-config.php file
Add the following to your .htaccess file to disable access to your wp-config.php file:
# Prevent Access to wp-config.php file
<Files wp-config.php>
order allow,deny
deny from all
</Files>

3. Disable Directory Browsing

Add the following lines to the file to disable directory browsing.
# Prevent Directory Browsing
# Only signed options here: Apache 2.4 rejects mixed lines such as "All -Indexes"
Options -Indexes

4. Disable access to your .htaccess file
These files create another layer of protection. To make sure no one can access your .htaccess files, add the following lines:
# Prevent Access to .htaccess
<Files .htaccess>
order allow,deny
deny from all
</Files>

5. Limit access to your ADMIN folder in WordPress
Before adding this code to your .htaccess file, there are some things to consider. If you have a static or dedicated IP address, this code will work well. If your IP address changes frequently, the admin will also run into login issues, but you can use FTP or cPanel to remove the code or update it with your changed IP address.
You can check your IP address through Google: just type "what is my IP?" and use that IP in this code.
order deny,allow
# Replace 192.168.1.1 with your own IP address
allow from 192.168.1.1
deny from all

6. If you password protect the admin folder, you will break access to admin-ajax.php.
Include the following lines in your admin folder .htaccess file:
# Allow access to admin-ajax.php
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>
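
To confirm that an uploaded .htaccess really contains the rules from steps 2 to 4, a small checker can help. The Python script below is an added example, not part of the original article; the `audit_htaccess` function and the sample file are constructed for illustration, and it also accepts the Apache 2.4 form `Require all denied`.

```python
import re

# Constructed sample: the rules from steps 2-4 as they would sit in a site-root .htaccess.
SAMPLE = """\
# Prevent Access to wp-config.php file
<Files wp-config.php>
order allow,deny
deny from all
</Files>
# Prevent Directory Browsing
Options -Indexes
<Files .htaccess>
Require all denied
</Files>
"""

DENY_ALL = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$", re.I)
FILES_OPEN = re.compile(r'^\s*<Files\s+"?([^">\s]+)"?\s*>\s*$', re.I)
FILES_CLOSE = re.compile(r"^\s*</Files>\s*$", re.I)
NO_INDEXES = re.compile(r"^\s*Options\b.*(?<!\S)-Indexes\b", re.I)


def audit_htaccess(text):
    """Return which hardening rules from this page are present in an .htaccess body."""
    denied, current, indexes_off = set(), None, False
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # Apache comments occupy a whole line
        m = FILES_OPEN.match(line)
        if m:
            current = m.group(1)  # file name this <Files> section applies to
        elif FILES_CLOSE.match(line):
            current = None
        elif current and DENY_ALL.match(line):
            denied.add(current)  # deny-all only counts inside a <Files> section
        elif current is None and NO_INDEXES.match(line):
            indexes_off = True
    return {
        "wp-config.php blocked": "wp-config.php" in denied,
        ".htaccess blocked": ".htaccess" in denied,
        "directory listing off": indexes_off,
    }


if __name__ == "__main__":
    for check, ok in audit_htaccess(SAMPLE).items():
        print(f"{'PASS' if ok else 'FAIL'}  {check}")
```

A `deny from all` that sits outside a `<Files>` section applies to the whole directory, which is why the checker only counts it inside one.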
