How To Secure WordPress Blogs Via Htaccess File
According to Wikipedia, .htaccess (Hypertext Access) is the default name of Apache’s directory-level configuration file. It provides the ability to customize configuration directives defined in the main configuration file. This tutorial looks at securing WordPress installations via the .htaccess file.
Disclaimer: These hacks are provided as is. I shall take no responsibility for any mishap that may befall your blog/site during the implementation of these hacks. Please back up your .htaccess files in a secure place. Should things go wrong, simply delete the new .htaccess and re-upload the old one.
The .htaccess file, among its many functions, can help you easily improve your blog’s security, reduce bandwidth usage and increase usability.
Note: The following hacks make use of your IP address. Be sure to replace the xxx in “Allow from xxx.xxx.xxx.xxx” with your static IP, for example 192.168.100.009. If you use a dynamic IP where the last field varies, leave that field off, for example “Allow from 192.168.100”, which Apache matches as a partial address. If you access your blog’s admin area from various places, add one “Allow from xxx.xxx.xxx.xxx” line for each address you need.
- WP-Config Protection: Your wp-config file contains your database name, your database username and your database password. In other words, you’ll want to keep it secure.
# PROTECT WP-CONFIG.PHP
<files wp-config.php>
order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx
</files>
- Protect your .htaccess file: After you’ve spent all that time protecting your blog with .htaccess rules, the last thing you want to do is leave your .htaccess file itself open to attack! The hack below prevents external access to any file whose name contains .hta (in any combination of upper and lower case). Place the code below in your domain’s root .htaccess file.
# STRONG HTACCESS PROTECTION
<Files ~ "^.*\.([Hh][Tt][Aa])">
order deny,allow
deny from all
satisfy all
allow from xxx.xxx.xxx.xxx
</Files>
- WP-Login Protection: This hack will make your blog’s log-in area accessible to no one but you.
# PROTECT WP-LOGIN.PHP
<Files wp-login.php>
Order deny,allow
Deny from All
Allow from xxx.xxx.xxx.xxx
</Files>
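The rules above use the Apache 2.2 Order/Deny/Allow directives, which Apache 2.4 accepts only when mod_access_compat is loaded. The following is an added example, not part of the original tutorial: the same three rules written with Require ip for Apache 2.4, with the original syntax kept as a fallback. The address 203.0.113.10 is a constructed placeholder; replace it with your own.

```apache
# Added example (not from the original tutorial).
# 203.0.113.10 is a constructed documentation address; use your own IP.

<IfModule mod_authz_core.c>
    # Apache 2.4+: Require replaces Order/Deny/Allow.
    # Several addresses can be listed on one line, and a partial
    # address such as 192.168.100 matches the whole range.
    <Files "wp-config.php">
        Require ip 203.0.113.10
    </Files>

    # Same pattern as the page: any file name containing .hta,
    # in any letter case (covers .htaccess).
    <FilesMatch "^.*\.([Hh][Tt][Aa])">
        Require ip 203.0.113.10
    </FilesMatch>

    <Files "wp-login.php">
        Require ip 203.0.113.10
    </Files>
</IfModule>

<IfModule !mod_authz_core.c>
    # Apache 2.2: the directives exactly as used in this tutorial.
    <Files "wp-config.php">
        Order deny,allow
        Deny from all
        Allow from 203.0.113.10
    </Files>

    <Files ~ "^.*\.([Hh][Tt][Aa])">
        Order deny,allow
        Deny from all
        Satisfy all
        Allow from 203.0.113.10
    </Files>

    <Files "wp-login.php">
        Order deny,allow
        Deny from all
        Allow from 203.0.113.10
    </Files>
</IfModule>
```

For these directives to be honoured in .htaccess, the server's main configuration must permit them: Require needs AllowOverride AuthConfig, and the older Order/Deny/Allow directives need AllowOverride Limit.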
Remember to back up your original .htaccess file, and should something go wrong with your blog, simply delete the new .htaccess and upload the old one. Cheers!
Thanks to A-Z of WordPress htaccess hacks and Keep wordpress secure for providing some insight in the writing of this tutorial.