How to secure your WordPress using htaccess file
There are several ways you can use the .htaccess file to secure your WordPress site:
Protect the wp-config.php file: This file contains sensitive information such as your database credentials and WordPress keys. You can add the following code to your .htaccess file to block access to this file:
<Files wp-config.php>
order allow,deny
deny from all
</Files>
Limit access to the wp-admin directory: You can block access to the wp-admin directory from all IP addresses except your own. To do this, add the following code to the .htaccess file inside the wp-admin directory (in the site root's .htaccess file these lines would apply to the whole site):
order deny,allow
allow from xx.xxx.xxx.xxx
deny from all
Replace xx.xxx.xxx.xxx with your own IP address.
Enable password protection: You can use the .htaccess file to password-protect certain directories on your site. For example, to password-protect the wp-admin directory, add the following code to the .htaccess file in that directory:
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /path/to/.htpasswd
Require valid-user
You will also need to create a .htpasswd file and add a username and password to it.
Block access from specific IP addresses: If you notice suspicious activity coming from a particular IP address, you can block that address from accessing your site by adding the following code to your .htaccess file:
order allow,deny
deny from xx.xxx.xxx.xxx
allow from all
Replace xx.xxx.xxx.xxx with the IP address you want to block.
Enable hotlink protection: Hotlinking occurs when someone links directly to an image on your site from their own site, causing your server to serve the image for both sites. You can prevent this by adding the following code to your .htaccess file:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain\.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
Replace yourdomain.com with your own domain name.
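The rules above in Apache 2.4's Require syntax, as an added example that is not part of the original article: the order/allow/deny directives are the Apache 2.2 form and on 2.4 work only through mod_access_compat. The addresses 203.0.113.10 and 198.51.100.7 are constructed placeholders, and the admin-ajax.php exemption and the tightened hotlink pattern are additions, not rules from the article.

```apache
# ---------- .htaccess in the site root ----------

# Deny every request for wp-config.php.
<Files "wp-config.php">
    Require all denied
</Files>

# Block one address site-wide, allow everyone else.
# 198.51.100.7 is a constructed placeholder.
<RequireAll>
    Require all granted
    Require not ip 198.51.100.7
</RequireAll>

# Hotlink protection. The trailing (/|$) stops a referer such as
# yourdomain.com.other.example from matching, and the escaped dots
# match a literal "." only.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourdomain\.com(/|$) [NC]
    RewriteRule \.(jpe?g|png|gif)$ - [NC,F,L]
</IfModule>

# ---------- .htaccess inside wp-admin/ ----------

# Require BOTH the allowed address and a valid login.
# 203.0.113.10 is a constructed placeholder for your own IP.
# Basic auth sends the password base64-encoded, so serve this over HTTPS.
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /path/to/.htpasswd
<RequireAll>
    Require ip 203.0.113.10
    Require valid-user
</RequireAll>

# Themes and plugins call admin-ajax.php from the public front end;
# without this exemption those features break for visitors.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

Use one syntax per file: mixing order/allow/deny with Require in the same scope produces results that are hard to predict.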
These are just a few examples of the ways you can use the .htaccess file to secure your WordPress site. It’s important to keep in mind that the .htaccess file is a powerful tool and any mistakes made while editing it can cause your site to become inaccessible. It’s always a good idea to back up your .htaccess file before making any changes.