Security Tips For WordPress .htaccess
The .htaccess file is the easiest and the cheapest (actually, it’s free!) way to secure a WordPress blog. It is a configuration file used on web servers running the Apache Web Server software. When a .htaccess file is placed in a directory served by the Apache Web Server, the server detects the file and applies its directives. It is often used to specify the security restrictions for a particular directory.
- Restrict Access to the WP Admin directory by IP Address: If you run a simple website, there is no reason to allow others to access the WordPress administration panel. You can protect your WP admin from unauthorized access by listing your static IP address in the .htaccess file.
- Disable Hotlinking: Sometimes, another site may link directly to images hosted on your site. This saves the other site hard disk space, because it does not have to store the photos itself. But your site serves those requests, using up your precious bandwidth.
- Stop Spammers: There are several ways to identify a potential spammer. One of them is to detect requests that carry no referrer. Spammers use bots to post blog comments, and those requests come from ‘nowhere’.
- Protect WP-Config: The wp-config.php file in your WordPress installation contains some crucial secrets, such as the database name, user name and password. You have no choice but to keep it secure.
- Disable Directory Browsing: Someone who knows the directory structure of a WordPress installation may use that knowledge to do some damage. Besides, it is best not to let visitors see which plug-ins you use.
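
The five tips above expressed as Apache 2.4 directives, as an added example that is not part of the original article. It assumes mod_rewrite is enabled and that the server's AllowOverride setting permits these directives; example.com and 203.0.113.10 are placeholders for your own domain and static IP address.

```apache
# ===== File 1: <wordpress-root>/.htaccess =====
# Place these rules above the "# BEGIN WordPress" marker. WordPress rewrites
# whatever sits between its BEGIN/END markers, so custom rules go outside them.

# Disable directory browsing: no auto-generated file listings.
Options -Indexes

# Protect wp-config.php: never serve it over HTTP.
<Files "wp-config.php">
    Require all denied
</Files>

<IfModule mod_rewrite.c>
    RewriteEngine On

    # Disable hotlinking: refuse image requests whose Referer is another site.
    # An empty Referer is allowed so direct visits and browsers that strip
    # the header still get images.
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com(/|$) [NC]
    RewriteRule \.(jpe?g|png|gif|webp)$ - [F,NC]

    # Stop spammers: refuse comment POSTs that do not carry a Referer from
    # this site. Visitors whose browser strips the Referer are refused too.
    RewriteCond %{REQUEST_METHOD} ^POST$
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com(/|$) [NC]
    RewriteRule ^wp-comments-post\.php$ - [F]
</IfModule>

# ===== File 2: <wordpress-root>/wp-admin/.htaccess =====

# Restrict the admin directory to one static IP address.
Require ip 203.0.113.10

# Some themes and plug-ins call admin-ajax.php on behalf of ordinary
# visitors, so this one file stays reachable from any address.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

After deploying, request wp-config.php, a bare directory URL and /wp-admin/ from an address that is not on the allow list; each should return 403 Forbidden.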
