An htaccess file is one of the most powerful and important files of your WordPress website. It helps in configuring the security, accessibility and performance parameters of your WordPress website.
In this article we are going to show what the default htaccess file looks like and how you can further customize it to improve the security of your WordPress website.
What is an htaccess file?
An htaccess file is a type of server configuration file that lets you set rules on how your web server should communicate with your website. The file is located in the root folder of your server and can also be added to other folders for folder-specific rules.
The file name begins with a dot, as in .htaccess. Because of the leading dot the file is treated as hidden, so you won't find it among your server files until you enable the Show hidden files option of your FTP client.
Default WordPress .htaccess file
The default .htaccess file has the below code in it. So if you edit the file and want to revert to the default rules, you can paste the below code in the .htaccess file. Remember that the file name has a period before the htaccess text.

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress

Improving the security of your WordPress website using the .htaccess file
The htaccess file can be very helpful in making your website secure and preventing access to restricted sections of your server files.
Preventing access to the WP Admin area
The htaccess file allows us to let only a selected list of IP addresses access the WP admin area. Add the below code to your htaccess file to restrict access to the admin area to only those specific IP addresses.

    AuthUserFile /dev/null
    AuthGroupFile /dev/null
    AuthName "WordPress Admin Access Control"
    AuthType Basic
    # POST is listed as well as GET so that admin form submissions are restricted too
    <LIMIT GET POST>
    order deny,allow
    deny from all
    allow from xx.xx.xx.xxx
    allow from xx.xx.xx.xxx
    </LIMIT>

In the above code, replace xx.xx.xx.xxx with your IP address. You can also add more IP addresses by copying and pasting the allow from xx.xx.xx.xxx line. Rules in an htaccess file apply to the folder that holds the file, so this code belongs in an .htaccess file inside the wp-admin folder; in the root file it would restrict the whole website.
Disabling the directory browsing
Allowing website visitors to browse your folders is risky. It is best to disable directory browsing to prevent hackers from finding any file in your folders that might make your website vulnerable to hacks. Paste the below code in your .htaccess file.

    Options -Indexes

Restricting access to the wp-config and htaccess file for everyone
The wp-config file holds the credentials of your website, so it is important to prevent any unwanted access to it.
Paste the below code to restrict everyone from being able to access the wp-config file.

    <files wp-config.php>
    order allow,deny
    deny from all
    </files>

Paste the below code to prevent anyone from accessing the htaccess file.

    <files ~ "^.*\.([Hh][Tt][Aa])">
    order allow,deny
    deny from all
    satisfy all
    </files>

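A quick way to confirm that the rules above made it into the file intact, as an added example that is not part of the original article: this Python check flags section tags that are never closed and reports whether directory listing, wp-config.php and .htaccess are covered. The function names and the sample strings are this example's own, and the samples are constructed.

```python
import fnmatch
import re

TAG = re.compile(r"^<(/?)(\w+)\s*([^>]*)>$")   # <Files ...>, </IfModule>, ...
# The article's rule, plus the Apache 2.4 spelling of the same denial.
DENY = (["deny", "from", "all"], ["require", "all", "denied"])

def covers(arg, filename):
    """Does a <Files> argument match filename? '~' marks a regex, else a wildcard."""
    if arg.startswith("~"):
        return re.search(arg[1:].strip().strip('"'), filename) is not None
    return fnmatch.fnmatchcase(filename, arg.strip('"'))

def audit_htaccess(text):
    """Return findings for the rules discussed above; an empty list means all pass."""
    findings, stack, denied, listing_off = [], [], [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag = TAG.match(line)
        if tag:
            closing, name, arg = tag.group(1), tag.group(2).lower(), tag.group(3).strip()
            if not closing:
                stack.append((name, arg, lineno))
            elif stack and stack[-1][0] == name:
                stack.pop()
            else:
                findings.append(f"line {lineno}: </{name}> closes nothing")
            continue
        words = line.lower().split()
        listing_off = listing_off or (words[0] == "options" and "-indexes" in words)
        if words in DENY and stack and stack[-1][0] == "files":
            denied.append(stack[-1][1])      # remember which file pattern is denied
    findings += [f"line {n}: <{name}> is never closed" for name, _, n in stack]
    if not listing_off:
        findings.append("directory listing is not disabled")
    for target in ("wp-config.php", ".htaccess"):
        if not any(covers(arg, target) for arg in denied):
            findings.append(f"{target} is not denied")
    return findings

# Constructed samples: BROKEN ends with "<files>" where "</files>" belongs.
BROKEN = ("Options -Indexes\n<files wp-config.php>\n"
          "order allow,deny\ndeny from all\n<files>\n")
HARDENED = (BROKEN.replace("<files>\n", "</files>\n")
            + '<files ~ "^.*\\.([Hh][Tt][Aa])">\ndeny from all\n</files>\n')

if __name__ == "__main__":
    print(audit_htaccess(BROKEN), audit_htaccess(HARDENED))
```

A clean result only shows that the rules are present and well-formed in the file; whether Apache applies them still depends on the server allowing .htaccess overrides.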
Conclusion
The htaccess file of your WordPress website is one of the most important files that help keep your website secure. You can set the above rules to prevent unauthorized access to the sensitive files of your website. If you need help with your website, visit Taskmod LLC.