Skip to content

Best htaccess Security Tips

Last updated on May 16, 2019

A lot of programmers are looking for the best htaccess security tips out there. They want to protect their sites from hackers, so they are seeking new, effective ways of doing this as soon as possible. We are going to give you some tips about this important aspect of your WordPress development so that you can stay on the safe side longer. As you will see, keeping your website protected is not hard at all, and you just need to make a couple of changes to get what you want. So read on to find out more about this.

Protect Important Files and Directory Access
Protect your .htaccess file along with your php.ini file, wp-config.php file, and error logs. Once you do these changes, any attempt to access these files will be denied right away. Replace your php.ini with a file called php5.ini. Now all you have to do is restrict people´s access to the Admin. Add “Options All –Indexes” to your .htaccess file. This will prevent any kind of directory access, so hackers will have a harsh time trying to figure out how to access this part of your WordPress system.

Preventing Username Enumeration
Hackers will try to know your username. This is all they need to find another important information: your password. You should use a strong password so you can prevent username enumeration. This is an obstacle that you can make for a hacker so that it is harder for them to access your site. Add this to your .htaccess file so you can keep username enumeration from happening:
RewriteCond %{QUERY_STRING} author=dRewriteRule ^ /? [L,R=301]

Custom Error Pages
You can use the .htaccess file to create custom error pages for common errors such as 500, 404, and 403. Upload these pages to the base WordPress installation directory. For instance, you can create the error404.html page, and then you can also upload it to the WordPress installation directory right away. Now go to your .htaccess file so you can enable your custom error pages: ErrorDocument 404 /error.html.

As you can see, enhancing your .htaccess security is not hard. Remember that you have to protect your important files as much as you can. Keeping your files, usernames and directory access safe from hackers as we have outlined above should be a significant step towards making sure your site stays secure and safe.

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *