15 Most Useful .htaccess tricks for WordPress


What is a .htaccess file?

The .htaccess file is a powerful text file that lets you do a lot of things on your website. It is a server configuration file, and it generates an SEO-friendly URL structure. So, we have listed the 15 most useful .htaccess tricks for WordPress.

The .htaccess file is located in your WordPress site's root folder. You have to connect to your website using an FTP client or cPanel to edit it.


Before you make changes to your site, back up your existing .htaccess file in case something goes wrong. If something does go wrong, upload the backup file that you downloaded in the first place.

If you can't see the .htaccess file, confirm that your cPanel file manager or FTP client is set to show hidden files. If you don't have a .htaccess file in your root folder, you need to create one. First create a blank text file and save it as .htaccess. Then upload the file to your root folder.

Here are some useful .htaccess tricks for your WordPress site:

  1. Protect Your WordPress Admin Area
  2. Disable Directory Browsing
  3. Password Protect WordPress Admin Folder
  4. Protect Your WordPress Configuration wp-config.php File
  5. Disable PHP Execution in Some WordPress Directories
  6. Setting up 301 Redirects Through .htaccess File
  7. Disable Image Hotlinking in WordPress Using .htaccess
  8. Ban Suspicious IP Addresses
  9. Protect .htaccess From Unauthorized Access
  10. Increase File Upload Size in WordPress
  11. Blocking Author Scans in WordPress
  12. Disable Access to XML-RPC File Using .htaccess

 

1. Protect Your WordPress Admin Area


If you want to protect your WordPress admin area by limiting access to selected IP addresses, you can use the .htaccess file. Copy and paste this code into your .htaccess file.

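# In the site root these rules restrict the whole site; to restrict only
# the admin area, use the .htaccess file inside wp-admin/.
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "WordPress Admin Access Control"
AuthType Basic
# No <Limit GET> wrapper: it would restrict only GET requests and leave
# POST and other methods open to every address.
order deny,allow
deny from all
# whitelist Mary's IP address
allow from xx.xx.xx.xxx
# whitelist Peter's IP address
allow from xx.xx.xx.xxx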

Note: Replace the xx values with your IP address. If you use more than one IP address to access the internet, make sure that you add them as well.

 

2. Disable Directory Browsing

If you want to protect your site from hackers, add a single line to your .htaccess file to disable directory browsing in WordPress, because with directory browsing enabled they can browse your file structure to find a vulnerable file.

Ex: testing.php

Options -Indexes


3. Password Protect WordPress Admin Folder


You may want to password protect your WordPress admin area, because when you access your WordPress site from multiple locations, limiting access to specific IP addresses may not work for you.

To do this, you first need to create a .htpasswds file.

Then upload this file outside your publicly accessible web directory or /public_html/ folder.

/home/user/.htpasswds/public_html/wp-admin/passwd/

Then create a new .htaccess file and add this code to it:

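# Ask for a username and password (HTTP Basic authentication)
AuthName "Admins Only"
AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd
AuthGroupFile /dev/null
AuthType basic
require user putyourusernamehere
# Leave admin-ajax.php reachable without a password,
# because front-end AJAX requests use it
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>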

Note: Don't forget to replace the AuthUserFile path with the path to your .htpasswds file and add your own username.

Now your WordPress admin folder is password protected and only you can access it.

 

4. Protect Your WordPress Configuration wp-config.php File


The most important file in your WordPress website is the wp-config.php file, because it holds all the information about your WordPress database. So, you have to protect your wp-config.php file from others.

To do this, add this code to your .htaccess file:

<files wp-config.php>
order allow,deny
deny from all
</files>

5. Disable PHP Execution in Some WordPress Directories

You must improve your WordPress security, because hackers can break into your WordPress site and install a backdoor. Backdoor files are unknown files placed among the core WordPress files, in the /wp-includes/ or /wp-content/uploads/ folders.

To improve your WordPress security, you have to disable PHP execution for some WordPress directories. To do this, create a blank .htaccess file and type the following code in it.

<Files *.php>
deny from all
</Files>

Then save the .htaccess file and upload this file to your /wp-content/uploads/ and /wp-includes/ directories.

 

6. Setting up 301 Redirects through .htaccess File


What is a 301 redirect?

It is the easiest way to tell your users that content has moved to a new location.

So, if you want to set up redirects, type the following code in your .htaccess file.

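# Permanently (301) redirect a moved URL to its new location.
# /old-page/ and https://www.example.com/new-page/ are placeholders;
# replace them with your own old path and new URL.
Redirect 301 /old-page/ https://www.example.com/new-page/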

 

7. Disable Image Hotlinking in WordPress Using .htaccess

If your WordPress site slows down, it means that you have a problem. What's the reason for this?

Other websites can steal your bandwidth by hotlinking images from your site. That's a main cause of this problem. If your website is a small one, it's not a big issue. But if your website is popular or large, it will become a serious issue.

So, you have to protect your website's images from hotlinking. To do this, enter the following code in your .htaccess file:

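#disable hotlinking of images
RewriteEngine on
# allow requests that send no Referer header
RewriteCond %{HTTP_REFERER} !^$
# allow requests that come from your own site or from Google
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?webcrowns\.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google\.com [NC]
# answer every other image request with 403 Forbidden
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]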

Note: Replace webcrowns.com with your own domain name.

 

8. Ban Suspicious IP Addresses

If you get an unusually large number of requests from a specific IP address and they are a nuisance to your website, you can block those requests by blocking that IP address.

To do this, enter the following code in your .htaccess file:

<Limit GET POST>
order allow,deny
deny from xxx.xxx.xx.x
allow from all
</Limit>

Note: Replace the xx values with the IP address that you want to block.

 

9. Protect .htaccess From Unauthorized Access


To protect your website from unauthorized persons, you have to protect your web server, because, as you know, you can do so many things using the .htaccess file.

To protect your site from hackers, add the following code to your .htaccess file:

<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>

 

10. Increase File Upload Size in WordPress

There are different methods you can use to increase the file upload size in WordPress.

One of them is to add the following code to your .htaccess file.

# php_value works only when PHP runs as an Apache module (mod_php)
#Increase file upload size
php_value upload_max_filesize 64M
php_value post_max_size 64M
#Maximum execution time
php_value max_execution_time 300
php_value max_input_time 300

 

11. Blocking Author Scans in WordPress


An author scan is a technique used in brute-force attacks: it reveals usernames, and the attacker then tries to crack the passwords for those usernames.

To block author scans, enter the following code in your .htaccess file:

# BEGIN
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} (author=\d+) [NC]
RewriteRule .* - [F]
# END

 

12. Disable Access to XML-RPC File Using .htaccess


When you install WordPress, it comes with a file called xmlrpc.php. As long as this file is present, it allows third-party apps to connect to your WordPress site.

There are different ways to disable this feature. One way to do it is to enter the following code in your .htaccess file.

<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
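
The access rules in tips 1, 4, 5, 8, 9 and 12 use the Apache 2.2 Order/Allow/Deny directives, which Apache 2.4 accepts only through mod_access_compat. The block below is an added example, not code from the original article, that writes the same rules with the Apache 2.4 Require directive; the IP addresses are constructed placeholders, and each section belongs in the .htaccess file named in its comment, not in one file.

```apache
# Added example: Apache 2.4 (mod_authz_core) forms of the rules above.
# IP addresses are constructed placeholders from documentation ranges.
# Each section goes in a different .htaccess file; do not paste the
# whole block into one file.

# --- wp-admin/.htaccess (tip 1): allow only the listed addresses ---
# Applies to every HTTP method, unlike a <Limit GET> wrapper.
Require ip 203.0.113.10
Require ip 198.51.100.25

# --- site root .htaccess (tips 4, 9, 12 and 8) ---

# Tip 4: refuse direct requests for wp-config.php
<Files "wp-config.php">
    Require all denied
</Files>

# Tip 9: refuse requests for .htaccess, .htpasswd and other .ht* files
<FilesMatch "^\.[Hh][Tt]">
    Require all denied
</FilesMatch>

# Tip 12: refuse requests for xmlrpc.php
<Files "xmlrpc.php">
    Require all denied
</Files>

# Tip 8: allow everyone except one address
<RequireAll>
    Require all granted
    Require not ip 192.0.2.44
</RequireAll>

# --- wp-content/uploads/.htaccess and wp-includes/.htaccess (tip 5) ---
# Refuse every request for a .php file in these directories
<FilesMatch "\.php$">
    Require all denied
</FilesMatch>
```

Use one style per site: the Apache documentation discourages mixing the old Order/Allow/Deny directives with Require.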

We hope this article helped you learn about the most useful .htaccess tricks for your WordPress site.

 
