5 Changes To Htaccess To Improve Your Security

Improving your WordPress security is an integral part of keeping hackers at bay and while there are a number of things you can do, we’re going to look at 5 changes to htaccess you can make to improve your WordPress security.

#1 Ban Bad Users If you continuously have the same IP address attempting to access your site or attempting to use brute force to access your admin pages, you can ban them by putting this little snippet of code in your .htaccess.

order allow,deny deny from allow from all They will no longer have access to your site. You can easily add more by just repeating the deny line. Here’s an example: order allow,deny deny from deny from allow from all

#2 Stop Access To wp-content The wp-content folder contains images, plug-ins and themes. It is one of the key folders within your WordPress install so you will want to prevent access by outsiders. This needs its own .htaccess file which you will need to add to the wp-content folder, it lets users see images, CSS etc... but it will protect the key PHP files: Order deny,allow Deny from all Allow from all

#3 No Directory Browsing Because of the popularity of WordPress too many people now know the WordPress install structure and where to find the plug-ins that might give away too much information about your WordPress site. You can stop that by preventing directory browsing. # directory browsing Options All –Indexes

#4 Individual File Protection There are some files you you want o make sure are protected on an individual bases rather than having to block the entire folder they reside in. The snippet example below shows you how to prevent access to the .htaccess file and doing this will throw a 403 if anyone accesses. You can change the filename c to whatever file you want to protect: # Protect the .htaccess order allow,deny deny from all

#5 Protect .htaccess We are so busy worrying about whether we are using the correct plug-ins or whether we’ve installed all the updates for fixes, that we overlook that the .htaccess file is open for attack. The snippet below will stop others from seeing any file on your site that starts with "hta", so this will protect your site and make it safer.

order allow,deny deny from all satisfy all

This is by no means all of the ways you can improve your security with htaccess, but gives you a good start so get busy.

More Articles

Essential Plugins To Harden Your WordPress Security
... It can be used as an option rather than using the WordPress Backup Manager. Ask Apache Password Protect This plugin does not control WordPress, nor will it mess with your database. Rather it uses speedy, proven built-in security features that provide a number of multiple security layers to your blog. Admin SSL Secure Plugin This is another plugin for keeping your admin panel ...  (more >>)

How To Prevent Hacking Of Your WordPress Site
... who use methods like SQL injection attacks and/or XSS by means of the URL query string and form inputs. Two common types of hacker blocking techniques are input validation and custom error pages. These methods are so simple you won t have any problem doing them even with just basic coding knowledge. Your greatest strategy would be to put up one or more obstacle. 1. SQL database ...  (more >>)