Connect with us

Wordpress Tips

5 Must Know .htaccess WordPress Security Tricks

Most WordPress webmasters know a thing or two about their .htaccess files. You can do more than just basic redirects with it. In fact, with a few directives, you can make it a bit harder for hackers to exploit holes on your server. Here are 5 .htaccess security tips you shouldn’t miss:

📌 MemberPress: advanced WordPress plugin for subscriptions & membership sites

Block Bad Query Strings

You can use .htaccess to block bad queries designed to hack your website with remote file inclusion and SQL Injection.

Protect Files

Your WP-Config is one of the most important files on your server. This trick helps.

You should also take steps to protect your .htaccess and .htpasswd files. The htpasswd file is used to password protect your directories, so securing it is essential.

Disable Directory Browsing

This directive prevents your visitors from exploring your directories if you have no index file present.  Simply add Options -Indexes to your to .htaccess file to return 403 error pages to those accessing a directory without an index file.

Block Access to Certain Files

This is a more general directive that blocks access to your login, wp-config, and other files. You can just modify it to cover any file you would like to protect.

Stay tuned as we will cover more .htaccess tips here in the future.

Continue Reading
You may want to check out:
*some of our articles and lists include affiliate links to fund our operations (e.g. Amazon, Elegant Themes, Envato). Please read our disclaimer on how we fund Exxponent.
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

More in Wordpress Tips

To Top