Here I am going to share few security tips to your wordpress cms/blog using .htaccess file
Below are the 3 important files/folders to be considered while thinking about security
- wp-contents folder
- .htaccess file
How to protect your wp-config.php
wp-config.php is the file in your root directory that stores information about your site as well as database details, this file in particular we would not want to fall into the wrong hands.
In your .htaccess add the following to prevent any access to the wp-config.php file:
<Files wp-config.php> order allow,deny deny from all </Files>
No directory browsing
As WordPress is now so popular many people know the structure of a WordPress install and know where to look to discover what plug-ins you may use or any other files that might give away too much information about your site, one way to combat this is to prevent directory browsing
Options All -Indexes
Prevent Access To wp-content
The wp-content folder contains images, themes and plug-ins and it’s a very important folder within your WordPress install, so it makes sense to prevent outsiders accessing it.
This requires it’s very own .htaccess file which must be added to the wp-content folder, it allows users to see images, CSS etc … but protects the important PHP files:
Order deny,allow Deny from all <Files ~ ".(xml|css|jpe?g|png|gif|js)$"> Allow from all </Files>
This below code actually stops anyone viewing any file on your site that begins with “hta”, this will protect it and make it safer.
<Files ~ "^.*.([Hh][Tt][Aa])"> order allow,deny deny from all satisfy all </Files>