Tektriks
HTACCESS – For WordPress only
A collection of useful .htaccess codes.
To work all of these, add the following line at the beginning to your .htaccess file.
Options +FollowSymlinks
RewriteEngine on
RewriteBase /
Deny access to wp-config.php, readme.html, license.txt
<FilesMatch "^(wp-config.php|readme.html|license.txt)"> Order allow,deny Deny from all Satisfy All </FilesMatch>Allow Only Selected Files from wp-content
# Disable access to all file types except the following Order deny,allow Deny from all <Files ~ ".(xml|css|js|jpe?g|png|gif|pdf|docx|rtf|odf|zip|rar)$"> Allow from all </Files>You must create a new .htaccess file with the code and paste it in the wp-content folder. Don’t place this in the base installation directory – else it won’t work.
Restrict All Access to wp-includes
# Block wp-includes folder and files <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^wp-admin/includes/ - [F,L] RewriteRule !^wp-includes/ - [S=3] RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] RewriteRule ^wp-includes/theme-compat/ - [F,L] </IfModule>The wp-includes folder contains only the files that are strictly necessary to run the core version of WordPress – one without any plugins or themes. Remember, the default theme still resides in the wp-content/theme directory. Thus, no visitor (including you) should require access to content of the wp-include folder.
Allow only Selected IP Addresses to Access wp-admin
# Limit logins and admin by IP <Limit GET POST PUT> order deny,allow deny from all allow from 302.143.54.102 allow from IP_ADDRESS_2 </Limit>Password Protect WordPress Admin Folder
You can easily create one by using this online generator.
Upload this .htpasswds file outside your publicly accessible web directory or /public_html/ folder. A good path would be:
home/user/.htpasswds/public_html/wp-admin/passwd/
Now you need to create a new .htaccess file and add this code:
AuthName "Admins Only" AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd AuthGroupFile /dev/null AuthType basic require user putyourusernamehere <Files admin-ajax.php> Order allow,deny Allow from all Satisfy any </Files>Important: Don’t forget to replace AuthUserFile path with the file path of your .htpasswds file and add your own username
Upload this .htaccess file to your wp-admin folder. That’s all, your WordPress admin folder is now password protected and only you or the users you allow will be able to access it.
Protect .htaccess file
<Files ~ “^.*\.([Hh][Tt][Aa])”> order allow,deny deny from all satisfy all </files>
This page wouldn’t have such a long without
- https://github.com/phanan/htaccess
- https://stackoverflow.com/questions/4916222/htaccess-how-to-force-www-in-a-generic-way
- http://www.sitepoint.com/domain-www-or-no-www/
- http://css-tricks.com/snippets/htaccess/
- http://www.abeautifulsite.net/access-pages-without-the-php-extension-using-htaccess/
- http://speckyboy.com/2013/01/08/useful-htaccess-snippets-and-hacks/
- https://github.com/h5bp/server-configs-apache
- http://www.htaccess-guide.com/deny-visitors-by-referrer/
- http://developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping
- http://www.askapache.com/htaccess/apache-speed-etags.html
- https://github.com/h5bp/server-configs-apache/issues/32
- http://www.wpbeginner.com/wp-tutorials/9-most-useful-htaccess-tricks-for-wordpress/
- https://www.tsohost.com/blog/8-ways-to-secure-wordpress-with-.htaccess
