SOME USEFUL .htaccess TRICKS FOR WORDPRESS

1. Protect Your WordPress Admin Area

You can use .htaccess to protect your WordPress admin area by limiting access to selected IP addresses only. Simply copy and paste this code into your .htaccess file:

# Apache 2.2-style access control (on Apache 2.4 these directives need mod_access_compat)
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "WordPress Admin Access Control"
AuthType Basic
# Not wrapped in <Limit GET>: that would restrict only GET requests and leave POST open
order deny,allow
deny from all
# whitelist Syed's IP address
allow from xx.xx.xx.xxx
# whitelist David's IP address
allow from xx.xx.xx.xxx
# whitelist Amanda's IP address
allow from xx.xx.xx.xxx
# whitelist Muhammad's IP address
allow from xx.xx.xx.xxx
# whitelist Work IP address
allow from xx.xx.xx.xxx

Replace xx.xx.xx.xxx with your own IP addresses. If you use more than one IP address to access the internet, make sure you add them all. See our guide on how to protect your admin folder in WordPress using .htaccess.

2. Password Protect WordPress Admin Folder

First you need to create a .htpasswds file. You can easily create one by using this online generator.

Upload this .htpasswds file outside your publicly accessible web directory or /public_html/ folder. A good path would be:

home/user/.htpasswds/public_html/wp-admin/passwd/

Now you need to create a new .htaccess file and add this code:

# Require HTTP Basic authentication for everything in this directory
AuthName "Admins Only"
AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd
AuthGroupFile /dev/null
AuthType Basic
require user putyourusernamehere
# Leave admin-ajax.php reachable without a password
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>

Important: Don’t forget to replace the AuthUserFile path with the file path of your .htpasswds file and add your own username.

Upload this .htaccess file to your wp-admin folder. That’s all. Your WordPress admin folder is now password protected, and only you or the users you allow will be able to access it. For detailed instructions, take a look at how to password protect your WordPress admin (wp-admin) directory.

3. Disable Directory Browsing in WordPress

Many WordPress security experts recommend disabling directory browsing. With directory browsing enabled, hackers can look into your site’s directory and file structure to find a vulnerable file. Learn more about why and how to disable directory browsing in WordPress.

To disable directory browsing in WordPress, all you need to do is add this single line to your .htaccess file:

Options -Indexes

4. Disable PHP Execution in Some WordPress Directories

Hacked WordPress sites often have backdoor files. These backdoor files are often disguised as core WordPress files and are placed in the /wp-includes/ or /wp-content/uploads/ folders. An easy way to improve your WordPress security is to disable PHP execution in some WordPress directories.

Create a blank .htaccess file and paste this code inside it:

# Refuse requests for any file whose name ends in .php in this directory and below
<Files *.php>
deny from all
</Files>

Now upload this file to your /wp-content/uploads/ and /wp-includes/ directories. For more information check out this tutorial on how to disable PHP execution in certain WordPress directories.

5. Protect Your WordPress Configuration wp-config.php File

Probably the most important file in your WordPress website’s root directory is the wp-config.php file. It contains information about your WordPress database and how to connect to it. To protect your wp-config.php file from unauthorized access, simply add this code to your .htaccess file:

# Refuse all web requests for wp-config.php
<files wp-config.php>
order allow,deny
deny from all
</files>

6. Setting up 301 Redirects Through .htaccess File

Using 301 redirects is the most SEO-friendly way to tell your users that content has moved to a new location. If you want to manage your 301 redirects on a per-post basis, check out how to do 301 redirects in WordPress with Quick Page/Post Redirect.

On the other hand, if you just want to quickly redirect users from one URL to another, all you need to do is paste this code into your .htaccess file:

Redirect 301 /oldurl/ http://www.example.com/newurl
Redirect 301 /category/television/ http://www.example.com/category/tv/

7. Ban Suspicious IP Addresses

Seeing unusual requests from an IP address? Want to block an IP address from accessing your website? Add this code to your .htaccess file:

# Not wrapped in <Limit GET POST>: that would leave other request methods unfiltered
order allow,deny
deny from xxx.xxx.xx.x
allow from all

Replace xxx.xxx.xx.x with the IP address you want to block.
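The two rule sets in sections 1 and 7 use opposite Order settings, and a <Limit> wrapper changes which request methods they cover. The following is an added example, not code from the original article: a small Python model of how Apache evaluates Order/Allow/Deny. The IP addresses are constructed documentation addresses, and the model handles only "all", single IPs and CIDR blocks.

```python
import ipaddress

def _matches(client, specs):
    """True if the client IP matches any spec: 'all', a single IP or a CIDR block."""
    ip = ipaddress.ip_address(client)
    return any(s == "all" or ip in ipaddress.ip_network(s, strict=False)
               for s in specs)

def access_allowed(client, method, order, allow, deny, limit=None):
    """Model of Order/Allow/Deny evaluation with an optional <Limit> method list."""
    if limit is not None:
        # <Limit GET> also covers HEAD; every other method is left unrestricted
        covered = set(limit) | ({"HEAD"} if "GET" in limit else set())
        if method not in covered:
            return True
    allowed, denied = _matches(client, allow), _matches(client, deny)
    if order == "deny,allow":
        # Deny is evaluated first, Allow overrides it; unmatched clients are allowed
        return allowed or not denied
    if order == "allow,deny":
        # Allow is evaluated first, Deny overrides it; unmatched clients are denied
        return allowed and not denied
    raise ValueError("unknown Order value: " + order)

# Section 1 rules (admin allowlist) and section 7 rules (single banned address).
# All addresses below are constructed sample values.
ADMIN = dict(order="deny,allow", deny=["all"], allow=["203.0.113.10"])
BAN = dict(order="allow,deny", allow=["all"], deny=["198.51.100.7"])

if __name__ == "__main__":
    cases = [
        ("allowlisted admin, GET", "203.0.113.10", "GET", ADMIN, None),
        ("stranger, GET", "192.0.2.50", "GET", ADMIN, None),
        ("stranger, POST, rules inside <Limit GET>", "192.0.2.50", "POST", ADMIN, ["GET"]),
        ("stranger, POST, no <Limit>", "192.0.2.50", "POST", ADMIN, None),
        ("banned IP, GET", "198.51.100.7", "GET", BAN, None),
        ("banned IP, PUT, rules inside <Limit GET POST>", "198.51.100.7", "PUT", BAN, ["GET", "POST"]),
    ]
    for label, ip, method, rules, limit in cases:
        verdict = "allowed" if access_allowed(ip, method, limit=limit, **rules) else "denied"
        print(f"{label}: {verdict}")
```
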

8. Disable Image Hotlinking in WordPress Using .htaccess

Other people can slow down your website and steal your bandwidth by hotlinking images from your website. Normally, this doesn’t concern most users. However, if you run a popular site with lots of images and photos, then hotlinking can become a serious issue. You can prevent image hotlinking by adding this code in your .htaccess file:

# disable hotlinking of images with forbidden or custom image option
RewriteEngine on
# An empty Referer is allowed through
RewriteCond %{HTTP_REFERER} !^$
# Dots are escaped and the host name is anchored so lookalike domains do not match
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?wpbeginner\.com(/|$) [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google\.com(/|$) [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?feeds2\.feedburner\.com/wpbeginner [NC]
# Return 403 Forbidden for image requests from any other referring site
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]

Don’t forget to replace wpbeginner.com with your own domain name.
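When you swap in your own domain, the exact form of the Referer pattern decides which sites count as yours. The following is an added example, not code from the original article: a Python model of the rule set above that compares a host pattern with unescaped dots and no end-of-host anchor against an escaped, anchored one. The domain example.com and all Referer values are constructed placeholders.

```python
import re

# Same shape as the RewriteCond patterns, with example.com as a placeholder domain
LOOSE = [r"^http(s)?://(www\.)?example.com"]          # unescaped dots, host not anchored
STRICT = [r"^http(s)?://(www\.)?example\.com(/|$)"]   # escaped dots, host anchored

IMAGE = re.compile(r"\.(jpg|jpeg|png|gif)$", re.IGNORECASE)

def hotlink_blocked(path, referer, allowed_patterns):
    """Return True when the rule set would answer 403 Forbidden.

    The RewriteCond lines are ANDed: the Referer must be non-empty and must
    match none of the allowed patterns, and the path must be an image.
    """
    if not IMAGE.search(path):
        return False      # RewriteRule pattern does not match, rule is skipped
    if referer == "":
        return False      # "!^$" condition fails, so an empty Referer passes
    return not any(re.search(p, referer, re.IGNORECASE) for p in allowed_patterns)

# Constructed Referer values for an image request
SAMPLES = [
    "https://www.example.com/my-post/",     # own site
    "",                                     # direct request or Referer stripped
    "https://other-site.test/gallery",      # unrelated site
    "https://example.com.hotlinker.test/",  # own domain used as a prefix
    "https://examplexcom.test/",            # "." in the pattern matches any character
]

if __name__ == "__main__":
    for ref in SAMPLES:
        loose = hotlink_blocked("wp-content/uploads/photo.jpg", ref, LOOSE)
        strict = hotlink_blocked("wp-content/uploads/photo.jpg", ref, STRICT)
        print(f"{ref!r:45} loose_blocked={loose} strict_blocked={strict}")
```
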

9. Protect .htaccess From Unauthorized Access

As you have seen, there are many things that can be done using the .htaccess file. Because of the power and control it has over your web server, it is important to protect it from unauthorized access by hackers. Simply add this code to your .htaccess file:

# Matches any file name containing ".hta" (in any letter case), which covers .htaccess
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>

We hope this article helped you learn some of the most useful .htaccess tricks for WordPress.

 

SOURCE: http://www.wpbeginner.com/wp-tutorials/9-most-useful-htaccess-tricks-for-wordpress/
