Tips to secure your wordpress using .htaccess

WordPress anvar

Here I am going to share few security tips to your wordpress cms/blog using .htaccess file

Below are the 3 important files/folders to be considered while thinking about security

  1. wp-config.php
  2. wp-contents folder
  3. .htaccess file

How to protect your wp-config.php

wp-config.php is the file in your root directory that stores information about your site as well as database details, this file in particular we would not want to fall into the wrong hands.

In your .htaccess add the following to prevent any access to the wp-config.php file:

<Files wp-config.php>
order allow,deny
deny from all
</Files>

No directory browsing

As WordPress is now so popular many people know the structure of a WordPress install and know where to look to discover what plug-ins you may use or any other files that might give away too much information about your site, one way to combat this is to prevent directory browsing

Options All -Indexes

Prevent Access To wp-content

The wp-content folder contains images, themes and plug-ins and it’s a very important folder within your WordPress install, so it makes sense to prevent outsiders accessing it.

This requires it’s very own .htaccess file which must be added to the wp-content folder, it allows users to see images, CSS etc … but protects the important PHP files:

Order deny,allow
Deny from all
<Files ~ ".(xml|css|jpe?g|png|gif|js)$">
Allow from all
</Files>

Protect .htaccess

This below code actually stops anyone viewing any file on your site that begins with “hta”, this will protect it and make it safer.

<Files ~ "^.*.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>