Editing Your Htaccess File for Improved WordPress Security

Posted on Aug 15 2014 by in Blog Business Development 

Are you aware that you can add security to your WordPress site without installing any additional plugins? By editing your htaccess file, you can help stop malicious attacks against your WordPress site. This simple file, which can easily be edited, allows users to block IP addresses, restrict access to specific folders and files, and provide other security benefits. Installing WordPress plugins can slow down the loading of your site, making the editing of your htaccess file a great alternative. Learn how to edit your htaccess file for improved WordPress security.

Understanding the .htaccess file
Many users may have never heard of the htaccess file or what it is used for. This file is located in the root folder of your WordPress installation and depending on your web hosting provider it may be hidden from view. The htaccess file is used by a web server as a configuration file for providing various settings. As mentioned above, you can use this file to restrict IP addresses, remove access to files and directories, and more. Before editing your htaccess file, it is wise to make a copy of it, in case you need to revert back to your original htaccess file.

Blocking IP Addresses
If you have a frequent spammer or know the IP address behind potentially harmful attacks, you can use your htaccess file to block specific IP addresses. Once entered, the IP addresses that you add will immediately be blocked by your web server. As soon as a user from one of these IP addresses visits your website, they will be denied access. Here is an example of this in use, with one Deny line per blocked address:

# 192.0.2.10 is a placeholder; replace it with the address to block
Order Allow,Deny
Allow from all
Deny from 192.0.2.10

A similar method can be used to create an IP address whitelist, denying access to all IP addresses except the ones included in the htaccess file. Use the following example to start creating your own whitelist, placing each IP address on its own line.

# 192.0.2.10 is a placeholder; add one Allow line per permitted address
Order Deny,Allow
Deny from all
Allow from 192.0.2.10

Prevent Directory Browsing

By default, WordPress does not block directory browsing. This means that visitors could essentially browse through all the files and folders in your WordPress directory. They would have access to view all of your media files and files located in your plugin and theme folders. This is a large security risk that is easily solved. Simply include the following line in your htaccess file:

Options -Indexes

That will disable directory browsing and make your WordPress site more secure. These are just a few examples of how your htaccess file can be used to help protect your WordPress site. Further code can be used to only allow specific file types to be viewed, restrict access to certain folders, or disable access to single files. To deny access to a single file, use this code, replacing the filename in the example (example.php is a placeholder) with the file you wish to block:

<Files "example.php">
Order Allow,Deny
Deny from all
</Files>
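
The rules in this article use the Order/Allow/Deny directives, which Apache 2.4 provides only through mod_access_compat. The following added example (not from the original post) shows the same protections in 2.4's Require syntax, with the older form kept as a fallback. The addresses 192.0.2.10 and 198.51.100.0/24 and the filename example.php are placeholders.

```apache
# Added example, not from the original post.
# Addresses and filename below are placeholders.

# Directory browsing: same directive on Apache 2.2 and 2.4.
Options -Indexes

# --- Apache 2.4 and later: mod_authz_core is loaded ---
<IfModule mod_authz_core.c>
    # Blocklist: everyone is allowed except the listed addresses.
    <RequireAll>
        Require all granted
        Require not ip 192.0.2.10
        Require not ip 198.51.100.0/24
    </RequireAll>

    # Whitelist alternative: remove the <RequireAll> block above and
    # use one "Require ip" line per permitted address instead.
    # Require ip 192.0.2.10

    # Deny every request for a single file.
    <Files "example.php">
        Require all denied
    </Files>
</IfModule>

# --- Apache 2.2: fall back to Order/Allow/Deny ---
<IfModule !mod_authz_core.c>
    Order Allow,Deny
    Allow from all
    Deny from 192.0.2.10
    Deny from 198.51.100.0/24

    <Files "example.php">
        Order Allow,Deny
        Deny from all
    </Files>
</IfModule>
```

In an htaccess file, Require is honoured only when the server configuration sets AllowOverride AuthConfig; Order/Allow/Deny need AllowOverride Limit, and Options needs AllowOverride Options.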

As you can see from these examples, the code you need to input is short and easy to include. For additional security, look for other examples of how the htaccess file can be used to protect your WordPress site. Keeping your WordPress site secure is easier than you may think, so start protecting your site today. With advanced support like this, why wouldn’t you purchase one of our premium themes?