WordPress is a secure platform out of the box, but keeping your site safe should be your highest priority. You can use the file called .htaccess to harden your site's security. This configuration file is used by Apache servers. It's powerful, and you can do a lot with it: boost performance, secure your site, create redirects, or even deny access to parts of your site.
If you place code in the .htaccess (HyperText Access) file incorrectly, your whole site can return errors and be inaccessible until the mistake is fixed. So only touch this file if you know what you're doing. You will find this file (most likely hidden) in the root directory of your website. The dot at the start of the name makes the file hidden. Editing it is easy; just make sure that what you're putting in the file is safe.
Use the text editor of your choice to open the file. You'll see the following default data if the file hasn't been edited before. Between the # BEGIN and # END tags, nothing should be changed or added.
Some Examples
- Deny access to parts of your site:
- Make sure to change file-name.php to the correct name on line 1
<Files file-name.php>
Order Allow,Deny
Deny from All
</Files>
- Disable Directory Browsing
Options -Indexes
- Force your site to load HTTPS
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
- Prevent image hotlinking
- Make sure to change your-website.com to your actual website domain on line 3.
# Prevent image hotlinking
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?your-website\.com/.*$ [NC]
RewriteRule \.(gif|jpg|jpeg|bmp|png)$ - [F]
- Redirect URLs
- Cache Control
- Prevent script injection attacks
The .htaccess file provides flexibility for controlling how your web server behaves. Editing your .htaccess file is just one way to improve your site's security.
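Because one malformed line in .htaccess can take the whole site offline, it is worth checking the file before uploading it. The Python script below is an added example, not part of the original article: the function name lint_htaccess and the sample text are made up for illustration. It flags four mistakes that Apache 2.4 rejects: C-style comments, Options lines mixing +/- keywords with bare ones, rewrite flags missing the closing bracket, and sections that are never closed.

```python
import re

SECTION_OPEN = re.compile(r"^<(\w+)\b[^>]*>$")
SECTION_CLOSE = re.compile(r"^</(\w+)>$")

def lint_htaccess(text):
    """Return (line_number, message) pairs for mistakes that Apache 2.4 rejects."""
    findings, open_sections = [], []  # open_sections is a stack of (name, line_number)
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and '#' comments are ignored by Apache
        if line.startswith(("/*", "//")):
            findings.append((number, "not a comment in Apache; start the line with '#'"))
            continue
        opened, closed = SECTION_OPEN.match(line), SECTION_CLOSE.match(line)
        if opened:
            open_sections.append((opened.group(1).lower(), number))
        elif closed:
            if open_sections and open_sections[-1][0] == closed.group(1).lower():
                open_sections.pop()
            else:
                findings.append((number, line + " closes a section that is not open"))
        # Simplification: arguments are split on whitespace, quoting is not handled.
        directive, *args = line.split()
        if directive.lower() == "options":
            signed = [a for a in args if a[0] in "+-"]
            if signed and len(signed) != len(args):
                findings.append((number, "Options mixes +/- keywords with bare ones"))
        if directive.lower() in ("rewriterule", "rewritecond") and len(args) >= 3:
            if args[2].startswith("[") and not args[2].endswith("]"):
                findings.append((number, "rewrite flags are missing the closing ']'"))
    for name, number in open_sections:
        findings.append((number, "<" + name + "> section is never closed"))
    return findings

# Constructed sample with four deliberate mistakes (not taken from a real site).
SAMPLE = """\
/* force HTTPS */
Options All -Indexes
RewriteEngine On
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301
<Files file-name.php>
Require all denied
"""

if __name__ == "__main__":
    for number, message in lint_htaccess(SAMPLE):
        print(f"line {number}: {message}")
```

A clean result only means none of these four patterns were found; keep a backup copy of the working file before replacing it.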