With more than 70 million users, WordPress is the most popular CMS in the world. But it has its own security issues, and several of them can be mitigated with a properly configured .htaccess file.
As a WordPress user you need to make sure your installation is protected from attackers. Several plugins can help with this, including Login LockDown, which records the IP address of each failed login and blocks it after a specific number of attempts, and WP Security Scan, which checks the installation for known weaknesses and suggests how to fix them.
In addition, you can harden the .htaccess file with proper configuration, and review it regularly, to add an extra layer of protection in front of the application itself.
Typically your WordPress .htaccess file will look something like this:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Any additions you make to the .htaccess file should go at the end, after # END WordPress. WordPress regenerates everything between the # BEGIN WordPress and # END WordPress markers whenever permalink settings are saved, so rules placed inside that block will be overwritten, and rules placed above it can interfere with the rewrite rules WordPress depends on. Before making any changes to the .htaccess file, back it up and store the copy in a safe place; a syntax error in this file takes the whole site down with a 500 error.
You can also protect wp-config.php, the file in the root directory that stores your database credentials, authentication salts and other site configuration. You don't want the wrong people to get their hands on this. Normally PHP executes the file rather than serving its source, but a misconfiguration or a backup copy (wp-config.php.bak, wp-config.php~) could expose it, so deny direct web access to it by adding the following to the .htaccess file:
<Files wp-config.php>
order allow,deny
deny from all
</Files>
You can also limit who is able to access the admin folder by restricting it to your IP address. To do this, create a new .htaccess file in any text editor and upload it to your wp-admin folder.
This snippet blocks access to your admin folder for everyone except the IP address you specify. If you have a dynamic IP you will need to update this file whenever your address changes, otherwise you will find yourself locked out. Two caveats: wp-login.php lives in the site root, not in wp-admin, so this rule does not stop login attempts; and wp-admin/admin-ajax.php is called by many themes and plugins for anonymous visitors, so blocking the whole folder can break front-end features.
order deny,allow
# replace 202.090.21.1 with your own IP address
allow from 202.090.21.1
deny from all
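The two snippets above use the Apache 2.2 mod_access syntax (order / allow / deny). On Apache 2.4 those directives are only honoured if the compatibility module mod_access_compat is loaded, and the native form is Require. The following is an added example, not from the original article, that covers both the wp-config.php block and the wp-admin allowlist and works on either Apache version by testing for mod_authz_core (which exists only in 2.4). The address 203.0.113.10 is a placeholder from the documentation range and must be replaced with your own IP; the admin-ajax.php exception is an assumption that your site serves anonymous visitors through it.

```apache
# --- site root .htaccess, placed after "# END WordPress" ---

# Deny direct web access to wp-config.php and any stray copies of it
# (wp-config.php.bak, wp-config.php~, wp-config.php.orig, ...).
<FilesMatch "^wp-config\.php">
  <IfModule mod_authz_core.c>
    # Apache 2.4
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    # Apache 2.2
    Order allow,deny
    Deny from all
  </IfModule>
</FilesMatch>

# --- wp-admin/.htaccess ---

# Allow the admin folder only from 203.0.113.10 (placeholder; replace it).
<IfModule mod_authz_core.c>
  # Apache 2.4: several addresses or CIDR ranges may be listed on one line
  Require ip 203.0.113.10
</IfModule>
<IfModule !mod_authz_core.c>
  # Apache 2.2
  Order deny,allow
  Deny from all
  Allow from 203.0.113.10
</IfModule>

# Assumption: the theme or plugins call admin-ajax.php for anonymous visitors,
# so re-open that single file to everyone. Remove this block if you do not need it.
<Files admin-ajax.php>
  <IfModule mod_authz_core.c>
    Require all granted
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order allow,deny
    Allow from all
  </IfModule>
</Files>
```

After uploading, check the result from a browser or with curl: a request for /wp-config.php and for /wp-admin/ from a non-listed address should return 403, while /wp-admin/admin-ajax.php should still answer (WordPress replies "0" to an unknown action). If the whole site returns 500 instead, the syntax is wrong for your Apache version or a required module is not loaded; restore the backup and check the server error log.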
These rules are a good starting point for using the .htaccess file to protect a WordPress site; there are many more you can add once these are in place.