A hypertext access (.htaccess) file is a directory-level configuration file that allows decentralised management of web server configuration. A .htaccess file is added to the root directory, where it can override many other configuration settings, including the server's global configuration, content type and character set.
A .htaccess file can be used for many tweaks that secure and improve the functionality of WordPress blogs and websites. The following are the main .htaccess code snippets that harden WordPress sites against hackers. Some block specific IP addresses from visiting the site, redirect visitors to a maintenance page while the site is being redesigned or modified, or prevent IP addresses from logging in to the WordPress admin section.
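Blacklist undesired users' and bots' IP addresses
    # Online PHP Examples with Source Code
    # website: http://4evertutorials.blogspot.com/
    # Apache 2.2 syntax; Apache 2.4 needs mod_access_compat for these directives.
    # With "order allow,deny" a matching deny line wins over "allow from all".
    # The addresses below are placeholders from the documentation ranges;
    # replace them with the addresses you want to block.
    # A partial address (three octets) blocks the whole range.
    order allow,deny
    allow from all
    deny from 192.0.2
    deny from 198.51.100
    deny from 203.0.113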
Redirect visitors to a maintenance page
    # Send every visitor except the address below to the maintenance page.
    # 123.123.123.123 is an example; replace it with your own IP address.
    RewriteEngine on
    RewriteCond %{REQUEST_URI} !/maintenance\.php$
    RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$
    RewriteRule ^ /maintenance.php [R=302,L]
Redirect www to non www or vice versa
    # Use only ONE of the two options; enabling both creates a redirect loop.

    # Option 1: redirect www to non-www
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTP_HOST} ^www\.yourblogpath\.com$ [NC]
    RewriteRule ^(.*)$ http://yourblogpath.com/$1 [L,R=301]

    # Option 2: redirect non-www to www (uncomment to use instead of option 1)
    # RewriteEngine On
    # RewriteBase /
    # RewriteCond %{HTTP_HOST} ^yourblogpath\.com$ [NC]
    # RewriteRule ^(.*)$ http://www.yourblogpath.com/$1 [L,R=301]
Force Caching with htaccess
The following htaccess code won’t help the initial pageload, but it will significantly help subsequent pageloads by sending 304 statuses when requested elements haven’t been modified.
    # Requires mod_expires. Replace x with the cache lifetime in seconds.
    FileETag MTime Size
    ExpiresActive on
    ExpiresDefault "access plus x seconds"
Allow only your IP address on the wp-admin directory
Replace xx.xx.xx.xx in the allow from line with your IP address, so that only your IP can access the wp-admin directory.
    # These rules must apply to the wp-admin directory only;
    # applied to the site root they would block the whole site.
    # With "order deny,allow" the allow line overrides "deny from all".
    AuthUserFile /dev/null
    AuthGroupFile /dev/null
    AuthName "Wordpress Admin Access Control"
    AuthType Basic
    order deny,allow
    deny from all
    allow from xx.xx.xx.xx
The easiest way to ban a WordPress spammer
To block a certain IP address from accessing your blog, enter the following code into the .htaccess file and replace the example IP address with the one you want to ban.
    ## USER IP BANNING
    # 203.0.113.125 is a placeholder from a documentation range.
    order allow,deny
    deny from 203.0.113.125
    allow from all
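How Apache 2.2 evaluates the order, allow from and deny from lines used in the IP snippets above, as an added example that is not part of the original post. The function names, rule sets and documentation-range addresses are constructed for illustration, and only IPv4 values are handled.

```python
import ipaddress

def _network(spec):
    """Turn an 'allow from' / 'deny from' value into a network.
    Handles 'all', a full IPv4 address, CIDR, and a partial address such as '192.0.2'."""
    if spec.lower() == "all":
        return ipaddress.ip_network("0.0.0.0/0")
    if "/" in spec:
        return ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")
    if not 1 <= len(octets) <= 4:
        raise ValueError(f"invalid address: {spec!r}")
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    # ip_network raises ValueError for an octet above 255
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")

def is_allowed(order, allow, deny, client):
    """Evaluate Apache 2.2 Order/Allow/Deny for one client IP."""
    ip = ipaddress.ip_address(client)
    allowed = any(ip in _network(a) for a in allow)
    denied = any(ip in _network(d) for d in deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        # Allow is checked first, Deny last; no match at all means denied.
        return allowed and not denied
    if order == "deny,allow":
        # Deny is checked first, Allow last; no match at all means allowed.
        return allowed or not denied
    raise ValueError(f"unsupported Order: {order!r}")

# Constructed rule sets mirroring the snippets on this page (placeholder addresses).
BLACKLIST = ("allow,deny", ["all"], ["192.0.2", "203.0.113.125"])
ADMIN_ONLY = ("deny,allow", ["198.51.100.7"], ["all"])

if __name__ == "__main__":
    for name, rules in (("blacklist", BLACKLIST), ("wp-admin", ADMIN_ONLY)):
        for client in ("192.0.2.44", "198.51.100.7", "203.0.113.9"):
            verdict = "allow" if is_allowed(*rules, client) else "deny"
            print(f"{name:10} {client:15} {verdict}")
```

The same check also shows why an address with an octet above 255 is rejected rather than silently ignored.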
Deny access to your wp-config.php file
    # protect wp-config.php
    # The <Files> block limits the deny rule to wp-config.php;
    # without it the rule would block the whole site.
    <Files wp-config.php>
    order allow,deny
    deny from all
    </Files>
Limit the File upload size to 10MB
    # limit file uploads to 10mb (the value is in bytes)
    LimitRequestBody 10240000
Password protected directories
A simple way to password protect blog directories
    # The password file named in AuthUserFile is created with the htpasswd utility.
    # Basic authentication sends credentials unencrypted, so serve the directory over HTTPS.
    AuthType Basic
    AuthName "restricted area"
    AuthUserFile /usr/local/var/www/html/.htpasses
    require valid-user
Quickly secure plugin files
WordPress plugin files might have a loophole that allows hackers to get into your website. To prevent others from accessing plugin files directly, use the following code.
    # As shown, these two directives allow every request and do not
    # by themselves block direct access to plugin files.
    order allow,deny
    allow from all