As an open source CMS platform, WordPress makes its source code and template files open to everyone. That makes it very easy for a hacker to learn about WordPress security weaknesses and use them to damage a WordPress-based website.
WordPress developers try their best to make its security as strong as they can. Besides this effort, as a WordPress user you should also take extra caution to protect your website.
As part of this chronological htaccess tutorial, here I am going to give you some basic and effective tips for enhancing basic WordPress security.
Open the .htaccess file in your WordPress root folder. If you don't have one, download it from the end of this article and upload it to your WordPress root directory.
Important: .htaccess is very case sensitive. Edit it very carefully; wrong punctuation can give you unexpected error messages.
1. Disable the index view of WordPress directories. To do this, add the code below to your .htaccess file and save it.
# Disable index views
Options -Indexes
- The # symbol starts a comment. Keep the comment on its own line, because Apache ignores everything on a line that begins with #.
- "Options -Indexes" disables the index view.
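2. Deny access to the WordPress wp-config.php configuration file. To do this, add the code below to your .htaccess file and save it.
# PROTECT WP-CONFIG
<FilesMatch "^(wp-config\.php|install\.php)$">
# Apache 2.2 syntax; Apache 2.4 needs mod_access_compat for it, or use "Require all denied" instead
Order Deny,Allow
Deny from all
</FilesMatch>
- <FilesMatch "^(wp-config\.php|install\.php)$"> </FilesMatch> : selects only the WordPress wp-config.php and install.php files. FilesMatch is used because its argument is a regular expression, so | means "or"; a plain <Files> argument is a wildcard file name, in which | is matched literally.
- Order Deny,Allow : sets the order in which the Deny and Allow rules are evaluated for these files.
- Deny from all : tells Apache not to allow anyone to access these files.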
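To check that both rules are really in effect after editing, the following added example (not part of the original article) audits an .htaccess body offline. The names audit_htaccess and section_matches and the two sample files are hypothetical and constructed for illustration; Python's re module stands in for Apache's PCRE, which is an assumption that holds for simple patterns like these.

```python
import fnmatch
import re

# Constructed samples: WEAK has the two layout mistakes this audit catches.
WEAK = '''# Disable index views Options -Indexes
<Files "wp-config.php|install.php">
Order Deny,Allow
Deny from all
</Files>
'''
HARDENED = r'''# Disable index views
Options -Indexes
<FilesMatch "^(wp-config\.php|install\.php)$">
Order Deny,Allow
Deny from all
</FilesMatch>
'''
DENY = re.compile(r"(deny\s+from\s+all|require\s+all\s+denied)$", re.I)
SECTION = re.compile(r'<(Files|FilesMatch)\s+(~\s*)?"?([^">]+)"?\s*>$', re.I)
END = re.compile(r"</(Files|FilesMatch)\s*>$", re.I)
NO_INDEX = re.compile(r"options\b.*(?<!\S)-Indexes\b", re.I)

def section_matches(kind, is_regex, pattern, filename):
    """<Files> takes a wildcard name; <FilesMatch> and <Files ~> take a regex."""
    if kind.lower() == "filesmatch" or is_regex:
        return re.search(pattern, filename) is not None  # Python re stands in for PCRE
    return fnmatch.fnmatchcase(filename, pattern)

def audit_htaccess(text, targets=("wp-config.php", "install.php")):
    """Report which of the two hardening rules are actually in effect."""
    result = {"indexes_disabled": False, "denied": {t: False for t in targets}}
    current = None  # (kind, is_regex, pattern) of the open <Files*> section
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):  # a comment swallows the whole line
            continue
        m = SECTION.match(line)
        if m:
            current = (m.group(1), bool(m.group(2)), m.group(3).strip())
        elif END.match(line):
            current = None
        elif current is None and NO_INDEX.match(line):
            result["indexes_disabled"] = True
        elif current and DENY.match(line):
            for t in targets:
                if section_matches(*current, t):
                    result["denied"][t] = True
    return result
```

Calling audit_htaccess(open(".htaccess").read()) on your own file returns a dictionary showing whether directory listing is disabled and which target files a deny rule covers.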
Download the .htaccess file from the box below: