Tektriks

Coding starts here
Home / Blog

HTACCESS – For WordPress only

A collection of useful .htaccess codes.
To work all of these, add the following line at the beginning to your .htaccess file.


Options +FollowSymlinks 
RewriteEngine on
RewriteBase /

  • Deny access to wp-config.php, readme.html, license.txt

    
    <FilesMatch "^(wp-config.php|readme.html|license.txt)">  
        Order allow,deny
        Deny from all
        Satisfy All
    </FilesMatch>	
    	
    
  • Allow Only Selected Files from wp-content

    
    # Disable access to all file types except the following
    Order deny,allow
    Deny from all
    <Files ~ ".(xml|css|js|jpe?g|png|gif|pdf|docx|rtf|odf|zip|rar)$">
    Allow from all
    </Files>	
    	
    

    You must create a new .htaccess file with the code and paste it in the wp-content folder. Don’t place this in the base installation directory – else it won’t work.

  • Restrict All Access to wp-includes

    
    # Block wp-includes folder and files
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^wp-admin/includes/ - [F,L]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
    </IfModule>	
    	
    

    The wp-includes folder contains only the files that are strictly necessary to run the core version of WordPress – one without any plugins or themes. Remember, the default theme still resides in the wp-content/theme directory. Thus, no visitor (including you) should require access to content of the wp-include folder.

  • Allow only Selected IP Addresses to Access wp-admin

    
    # Limit logins and admin by IP
    <Limit GET POST PUT>
    order deny,allow
    deny from all
    allow from 302.143.54.102
    allow from IP_ADDRESS_2
    </Limit>	
    	
    
  • Password Protect WordPress Admin Folder

    You can easily create one by using this online generator.

    Upload this .htpasswds file outside your publicly accessible web directory or /public_html/ folder. A good path would be:

    home/user/.htpasswds/public_html/sec-eadmin/passwd/

    Now you need to create a new .htaccess file and add this code:

    
    AuthName "Admins Only"
    AuthUserFile /home/yourdirectory/.htpasswds/public_html/sec-eadmin/passwd
    AuthGroupFile /dev/null
    AuthType basic
    require user putyourusernamehere
    <Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any 
    </Files>	
    	
    

    Important: Don’t forget to replace AuthUserFile path with the file path of your .htpasswds file and add your own username

    Upload this .htaccess file to your wp-admin folder. That’s all, your WordPress admin folder is now password protected and only you or the users you allow will be able to access it.

  • Protect .htaccess file

    
    <Files ~ “^.*\.([Hh][Tt][Aa])”>
    	order allow,deny
    	deny from all
    	satisfy all
    </files>	
    	
    

This page wouldn’t have such a long without

Leave a Reply

Be the First to Comment!

Notify of
avatar
wpDiscuz