Most WordPress webmasters know a thing or two about their .htaccess files. You can do more than just basic redirects with it. In fact, with a few directives, you can make it a bit harder for hackers to exploit holes on your server. Here are 5 .htaccess security tips you shouldn’t miss:
Block Bad Query Strings
You can use .htaccess to block bad queries designed to hack your website with remote file inclusion and SQL Injection.
Protect Files
Your WP-Config is one of the most important files on your server. This trick helps.
You should also take steps to protect your .htaccess and .htpasswd files. The htpasswd file is used to password protect your directories, so securing it is essential.
Disable Directory Browsing
This directive prevents your visitors from exploring your directories if you have no index file present. Simply add Options -Indexes to your to .htaccess file to return 403 error pages to those accessing a directory without an index file.
Block Access to Certain Files
This is a more general directive that blocks access to your login, wp-config, and other files. You can just modify it to cover any file you would like to protect.
Stay tuned as we will cover more .htaccess tips here in the future.