Last Updated: May 31, 2021
· jewels

Protecting Wordpress - Hugging .htaccess

Millions of us have used Wordpress at least once and I'm sure a lot of us know the structure of a typical website created with the software. Simple intrusions such as viewing important .php files in directories is common so here is some basic .htaccess code to stop this from happening as well as a little extra to stop hackers gaining access to certain locations.

Protecting .htaccess
This will block the viewing any file on your site beginning with "hta".

<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all

Administration Access
Replace the IP with your own and it will only accept that for the access of the admin folder of the website.

order deny,allow
allow from (Replace IP)
deny from all

Protecting WP-Content
This must be added to its own .htaccess file in the content folder and will block any file not listed in the 'Files' from being shown, thus protecting important files such as .php and more.

Order deny,allow
Deny from all
<Files ~ ".(jpe?g|png|gif)$">
Allow from all

Banning Users
You can ban any user you want via adding them to this code in the .htaccess file. Multiple users can be added as shown below.

<Limit GET POST>
order allow,deny
deny from
deny from
allow from all

1 Response
Add your response

Great tutorial on how to do this .htaccess file always end up pissing me off this made it a bit easier.

over 1 year ago ·