A collection of useful .htaccess codes.
To work all of these, add the following line at the beginning to your .htaccess file.
Options +FollowSymlinks
RewriteEngine on
RewriteBase /
<FilesMatch "^(wp-config.php|readme.html|license.txt)">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
# Disable access to all file types except the following
Order deny,allow
Deny from all
<Files ~ ".(xml|css|js|jpe?g|png|gif|pdf|docx|rtf|odf|zip|rar)$">
Allow from all
</Files>
You must create a new .htaccess file with the code and paste it in the wp-content folder. Don’t place this in the base installation directory – else it won’t work.
# Block wp-includes folder and files
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
The wp-includes folder contains only the files that are strictly necessary to run the core version of WordPress – one without any plugins or themes. Remember, the default theme still resides in the wp-content/theme directory. Thus, no visitor (including you) should require access to content of the wp-include folder.
# Limit logins and admin by IP
<Limit GET POST PUT>
order deny,allow
deny from all
allow from 302.143.54.102
allow from IP_ADDRESS_2
</Limit>
You can easily create one by using this online generator.
Upload this .htpasswds file outside your publicly accessible web directory or /public_html/ folder. A good path would be:
home/user/.htpasswds/public_html/wp-admin/passwd/
Now you need to create a new .htaccess file and add this code:
AuthName "Admins Only"
AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd
AuthGroupFile /dev/null
AuthType basic
require user putyourusernamehere
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>
Important: Don’t forget to replace AuthUserFile path with the file path of your .htpasswds file and add your own username
Upload this .htaccess file to your wp-admin folder. That’s all, your WordPress admin folder is now password protected and only you or the users you allow will be able to access it.
<Files ~ “^.*\.([Hh][Tt][Aa])”>
order allow,deny
deny from all
satisfy all
</files>
This page wouldn’t have such a long without