Here is list of some important WordPress tips about .htaccess. I am sure these WordPress tips are really helpful for you and your websites.

The .htaccess file is a most important configuration file that allows you to control files and folders in the current directory, and all sub-directories. The filename is a shortened name for hypertext access and is supported by most servers. Millions of WordPress users use the .htaccess file to protect their websites from spammers, hackers, and other known threats. In this article, I would like to share with you several tips and snippets for .htaccess that will make your website secure.

Make a backup of your current working file of .htaccess. Store it in a safe place on your computer, and if possible, in another location such as a USB flash drive or any other storage media. Do not take any chances with .htaccess.

You May Also Like:

1. Protect .htaccess Tips

.htaccess is the most important file all over the whole website that is why it is very important to protect this file from unauthorized users. This small code will help you to stop hackers from accessing your .htaccess file. You can easily do this. Just open and edit file via FTP.

<files ~ “^.*\.([Hh][Tt][Aa])”>
order allow,deny
deny from all
satisfy all


2. Protect WP-Config.php tips

In WordPress another important file is wp-config.php. This configuration file contains the login information for your WordPress database as well as other important settings This small code will help you to stop hackers from accessing your WP-config.php file.

<files wp-config.php>

order allow,deny

deny from all


3. Block Include-Only Files

There are certain files that never have to be accessed by the user. You can block access to these files by adding the following code to your .htaccess file:

# Block the include-only files.

<IfModule mod_rewrite.c>

RewriteEngine On

RewriteBase /

RewriteRule ^wp-admin/includes/ – [F,L]

RewriteRule !^wp-includes/ – [S=3]

RewriteRule ^wp-includes/[^/]+\.php$ – [F,L]

RewriteRule ^wp-includes/js/tinymce/langs/.+\.php – [F,L]

RewriteRule ^wp-includes/theme-compat/ – [F,L]


4. Restrict Access to the Admin Area

Another enterence door for hackers is the WordPress admin area. If they get access to admin area, they can do unethical activities with your website which is harmful for your websites. To protect your website from hackers just restrict access to admin area.

To make this area more secure, create a new .htaccess file and add the code below to it:

# Limit logins and admin by IP


order deny,allow

deny from all

allow from


IP Address should be your own.

If more then one admin of your website then you cn Additional IP addresses add for other administrators and staff member. You can do this by adding additional allow lines or listing their IP addresses in the main allow line and separating them using commas. For example:

allow from,,

5. Ban Someone From Your Website

If someone who disturb you and leave bad and busive comments on your website or someone who has attempted to access your admin area and you also know the IP address of that person or party, you can completely ban them from your website using the code below.

<Limit GET POST>

order allow,deny

deny from 123.456.78.9

deny from 987.654.32.1

allow from all




About The Author

Related Posts

Leave a Reply

Your email address will not be published.