In this article, I am going to provide some tips to secure your Wordpress website using .htaccess. Wordpress is a popular CMS among everyone. Because Wordpress is easy to use and install. It is very easy to learn. When you installing the wordpress, you have to make sure that how safe is your install.
In this post, I am going to share few security tips to your wordpress cms/blog using .htaccess file. Below are the 3 important files/folders to be considered while thinking about security
- wp-contents folder
- .htaccess file
Tip 1 : Protect your wp-config.php
wp-config.php is the main configuration file which resides in your root directory that stores information about your site as well as database details, this file in particular we would not want to fall into the wrong hands.
In your .htaccess add the following to prevent any access to the wp-config.php file:
deny from all
Tip 2 : No directory browsing
As WordPress is now so popular many people know the structure of a WordPress install and know where to look to discover what plug-ins you may use or any other files that might give away too much information about your site, one way to combat this is to prevent directory browsing
Options All -Indexes
Tip 3 : Prevent Access To wp-content
The wp-content folder contains images, themes and plug-ins and it's a very important folder within your WordPress install, so it makes sense to prevent outsiders accessing it.
This requires it's very own .htaccess file which must be added to the wp-content folder, it allows users to see images, CSS etc … but protects the important PHP files:
Deny from all
<Files ~ ".(xml|css|jpe?g|png|gif|js)$">
Allow from all
Tip 4 : Protect .htaccess
This below code actually stops anyone viewing any file on your site that begins with "hta", this will protect it and make it safer.
<Files ~ "^.*.([Hh][Tt][Aa])">
deny from all
Please don't forget to share and subscribe to latest updates of the blog.
Thanks. Have a great day.