How to Protect Your .htaccess File from Unauthorized Access in WordPress

The .htaccess file is a configuration file used to do many things on your website, including securing it. However, if the file itself is not well protected, your website is still vulnerable, so protecting the .htaccess file from unauthorized users is important.

Why do you need to protect your .htaccess file?

With the .htaccess file you can override settings on your web server. With the right commands, you can enable or disable extra functionality and features to protect your site from spammers, hackers and other threats. You can include basic redirects, block outside access to particular files, or use more advanced functions such as password-protecting content or preventing image hotlinking.

The .htaccess file serves many purposes on your website, and it is a very powerful tool for security. If you are using it for security, it is a good idea to protect the file itself, because somebody who gets into the file can undo all the security it provides for your site.

How to secure the .htaccess file?

All it takes is a very simple set of Apache directives that you paste into the .htaccess file. First, log in to the cPanel of your hosting account. Then find and click the File Manager icon and open the Document Root for the website you are working on.

If you don't have an .htaccess file, you can click Add New File to create one.

You can also log in to the website root using FTP if you are more comfortable with that.

Click on the .htaccess file and then on Edit.

Open the .htaccess file and paste the following code into it.

# Deny web requests for any file whose name contains ".hta" in any letter case
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>

This code matches any file name that contains a dot followed by H, T and A, as the .htaccess file name does at its very beginning. It matches whether the H, T and A are uppercase or lowercase, and the rest of the file name can be anything. The rule says to deny from all, which means that nobody can request that file over the web; you can still reach it by going into cPanel through your hosting account.

Click Save Changes. You are not going to see any effect, because you don't normally request the .htaccess file from outside anyway. If a hacker tries to access it, they will get an error and won't be able to see the file, which is what you want.
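
To see which file names a rule like this really covers, here is an added example (not code from the original post) that parses the rule and tests it against a constructed list of names. The function name `denied_names`, the sample names and the recognition of the Apache 2.4 `Require all denied` form are assumptions made for the illustration.

```python
import re

# Regex-based sections: <Files ~ "regex"> ... </Files>
# or <FilesMatch "regex"> ... </FilesMatch>
SECTION = re.compile(
    r'<(?:Files\s+~|FilesMatch)\s+"([^"]+)"\s*>(.*?)</Files(?:Match)?>',
    re.IGNORECASE | re.DOTALL)
# Deny-everyone rules: the page's Apache 2.2 syntax, plus the 2.4 syntax
DENY_ALL = re.compile(
    r'^\s*(?:deny\s+from\s+all|require\s+all\s+denied)\s*$',
    re.IGNORECASE | re.MULTILINE)


def denied_names(htaccess_text, names):
    """Return the names covered by a deny-all regex section, sorted."""
    denied = set()
    for pattern, body in SECTION.findall(htaccess_text):
        if DENY_ALL.search(body):
            # Apache tests the regex, unanchored, against the file name
            rx = re.compile(pattern)
            denied.update(n for n in names if rx.search(n))
    return sorted(denied)


# Constructed sample input: the rule with correct spacing
RULE = r'''<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>'''
# Same rule with a stray space in the pattern; the regex then
# requires a literal space after the dot
RULE_STRAY_SPACE = RULE.replace(r'\.(', r'\. (')
# Constructed file names to check
NAMES = ['.htaccess', '.HTACCESS', '.htpasswd', 'backup.htaccess.bak',
         'index.php', 'wp-config.php', 'hta.txt']

if __name__ == '__main__':
    print('covered:', denied_names(RULE, NAMES))
    print('covered with stray space:', denied_names(RULE_STRAY_SPACE, NAMES))
```

The run shows that the pattern covers .htaccess in either case and copies such as backup.htaccess.bak, but not .htpasswd, because it requires the letters h, t, a after the dot. A single stray space inside the pattern leaves nothing covered, so copy the rule exactly.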

Christine
Author at onlineshouter
Christine writes for people who seek knowledge about SEO, blogging, online marketing, gadgets and web apps.