Default htaccess for WordPress and How to Customize it for Better Security

An .htaccess file is one of the most powerful and important files of your WordPress website. It configures the security, accessibility and performance parameters of your WordPress website.

In this article we are going to show what the default .htaccess file looks like and how you can customize it further to improve the security of your WordPress website.

What is a htaccess file?

An .htaccess file is a server configuration file that lets you set rules for how your web server should handle requests to your website. The file is located in the root folder of your site and can also be added to other folders for folder-specific rules.

The file name begins with a dot, i.e. .htaccess. Because of that leading dot the file is hidden by default, so you will have to enable the Show hidden files option of your FTP client to see it.


Default WordPress .htaccess file

The default .htaccess file contains the code below. If you edit the file and want to revert to the default rules, paste the code below into the .htaccess file. Remember that the file name has a period before the htaccess text.

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Requests for index.php itself are passed through unchanged
RewriteRule ^index\.php$ - [L]
# Anything that is not an existing file or directory is handed to WordPress
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress


Improving the security of your WordPress website using the .htaccess file

The .htaccess file can be very helpful in securing your website and preventing access to restricted sections of your server files.


Preventing access to the WP Admin area

The .htaccess file lets you allow only a selected list of IP addresses to access the WP admin area. Add the code below to your .htaccess file to restrict access to the admin area to those specific IP addresses.

# Intended for the .htaccess file inside the wp-admin folder, so that the
# restriction applies to the admin area only (placed in the site root it
# would block the whole site)
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "WordPress Admin Access Control"
AuthType Basic
# <Limit GET> covers GET and HEAD requests only; other methods such as POST
# are not restricted by this section
<Limit GET>
order deny,allow
deny from all
allow from xx.xx.xx.xxx
allow from xx.xx.xx.xxx
</Limit>

In the above code replace xx.xx.xx.xxx with your IP address. You can allow more IP addresses by repeating the allow from xx.xx.xx.xxx line.


Disabling the directory browsing

Allowing website visitors to browse your folders is risky. It is best to disable directory browsing so that attackers cannot list your folders and find files that might make your website vulnerable. Paste the code below into your .htaccess file.

Options All -Indexes


Restricting access to the wp-config and htaccess file for everyone

The wp-config.php file stores your website's credentials, including the database password, so it is important to prevent any unwanted access to it.

Paste the code below to stop everyone from accessing the wp-config.php file over the web.

<files wp-config.php>
order allow,deny
deny from all
</files>

Paste the code below to prevent anyone from accessing the .htaccess file (and any other file whose name starts with .hta).

<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>
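The admin IP restriction and the file protections above use the Apache 2.2 Order/Allow/Deny syntax. The following is an added example, not code from the article, that writes the same three protections so they work on both Apache 2.2 and Apache 2.4 (Require); 203.0.113.10 is a placeholder address to replace with your own, and the admin-ajax.php exception is an assumption about which part of wp-admin ordinary visitors still need.

```apache
# Added example (not from the original article). Block 1 belongs in
# wp-admin/.htaccess; blocks 2 and 3 belong in the site root .htaccess.
# 203.0.113.10 is a placeholder address: replace it with your own.

# --- 1. wp-admin/.htaccess: admin area reachable only from listed IPs ---
# No <Limit GET> wrapper, so POST and every other method are covered too.
<IfModule mod_authz_core.c>
    Require ip 203.0.113.10
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    Allow from 203.0.113.10
</IfModule>
# admin-ajax.php is called by front-end features for ordinary visitors,
# so it is exempted from the IP restriction (assumption: your theme or
# plugins use it; remove this block if you want it restricted as well).
<Files admin-ajax.php>
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Allow from all
    </IfModule>
</Files>

# --- 2. site root .htaccess: no directory listings ---
Options -Indexes

# --- 3. site root .htaccess: wp-config.php and all .ht* files are never served ---
<FilesMatch "^(wp-config\.php|\.ht.*)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>
```

After uploading, a request for /wp-config.php or /.htaccess should return 403, and a folder URL without an index file should return 403 instead of a listing.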

Conclusion

The .htaccess file of your WordPress website is one of the most important files for keeping your website secure. You can set the above rules to prevent unauthorized access to the sensitive files of your website.
