Security Tips For WordPress .htaccess

The .htaccess file is the easiest and cheapest (actually, it’s free!) way to secure a WordPress blog. It is a configuration file for web servers running the Apache Web Server software. When a .htaccess file is placed in a directory that Apache serves, Apache detects the file and applies its directives to that directory. It is often used to specify the security restrictions for that particular directory.

Here are some tips by CPWebHosting – Cheap Hosting Provider:

  • Restrict Access to WP Admin directory by IP Address: If you are running a simple website, there is no reason to allow others to access the WordPress administration panel. You can protect your WP admin from unauthorized access by listing your static IP address in the .htaccess file.
  • Disable Hotlinking: Sometimes another site may link directly to images on your site. That site saves hard disk space by not having to store the images, but your site ends up serving the requests for them, using up your precious bandwidth.
  • Stop Spammers: There are a number of ways to identify a potential spammer. One of them is to detect requests with ‘no referrer’. Spammers use bots to post comments on blogs, and those requests come from ‘nowhere’.
  • Protect WP-Config: The wp-config.php file in your WordPress installation contains some really important secrets, such as the database name, database username and password. You have no choice but to keep it secure.
  • Disable Directory Browsing: Someone who knows the directory structure of a WordPress installation may use that knowledge to do some damage. Besides, you should not let them know which plug-ins you are using.