Securing WordPress Site Using .htaccess File:-
Hello friend welcome to the new class of the course and in this class we will cover how can we secure our site further more by using the .htaccess file which is present in our WordPress Install if you don’t see it there no worry just create one.
How to Save .htaccess ?
Sometimes, depending on your system you cannot save a file with the .htaccess extension.
In cases like this just save the file as htaccess.txt, upload via SFTP and then rename the file on the server using your FTP program to .htaccess .
Adding Security To Your WordPress Site Via .HTACCESS :-
.htaccess is a Delicate and Powerful file, so we need to be careful in handling it while editing it so we don’t make any errors while editing.
How to Edit .HTACCESS files :-
So you don’t need to install any new piece of software to edit it you just need your simple text editor like NotePad don’t use Word Processing type editors as they will leave some code that will corrupt the file.
Using SFTP to Edit .HTACCESS file :-
So open you SFTP client I recommend FileZilla.To edit the .HTACCESS file right click the file and open with a text editor,like Notepad on windows or textwrangler on MAC.
So Let’s Get Started :-
So as written above now get your FTP program and text editor ready we’re going to strengthen those in .htaccess file right now! , Open your site via SFTP and Download .htaccess .
Disable Directory Listing :-
To disable directory browsing we will add the following line in the file. You will add all the code from the last line of the file .
#Prevent Directory Listing
Options All -Indexes
Disable Access To Your WP-CONFIG.PHP file :-
To protect your configurations file, add the following to your .htaccess file :-
#Prevent Access to wp-config.php file
deny from all
Disable Access To Your .HTACCESS Files :-
These files generate an error when trying to be accessed directly anyhow, but it doesn’t hut to add another layer of protection. To make sure nobody can access your .htaccess files add the following code :-
#Prevent Access To .htaccess
deny from all
Limit Access To Your Admin Folder :-
Before you take this these steps there are some considerations, If you have a static or fixed IP address then this option will work well, If your IP address changes then you may end up locking your self out too. Of course, you can always use ftp to remove or change the restrictions.
To lock everyone out except the IP listed (change it to yours), create a new .htaccess file in the wp-admin folder and add the following line.
allow from 192.168.1.1
deny from all
Don’t forget to change the IP with your up
If You Password Protect Your Admin Folder, You May Break Access To Admin-Ajax.php :-
Include the following lines in your .htaccess file in wp-admin folder will fix it
Allow from all
And this is all what you have to edit in your WordPress .HTACCESS file.