- 1. QUICK TIP - Create Password Protected PDF with PHP & MySQL
- 2. QUICK TIP - How to make a YouTube subscription link and get more subscribers
Are you looking for some useful .htaccess tricks for your WordPress site. The .htaccess file is a powerful configuration file which allows you to do a lot of neat things on your website. In this article, we will show you some of the most useful .htaccess tricks for WordPress that you can try right away.
What is .htaccess File and How to Edit it?
The .htaccess file is a server configuration file. It allows you to define rules for your server to follow for your website.
WordPress uses .htaccess file to generate SEO friendly URL structure. However, this file can do a lot more.
The .htaccess file is located in your WordPress site’s root folder. You will need to connect to your website using an FTP client to edit it.
Before editing your .htaccess file, it is important to download a copy of it to your computer as backup. You can use that file in case anything goes wrong.
Having said that, let’s take a look at some useful .htaccess tricks for WordPress that you can try.
1. Protect Your WordPress Admin Area
You can use .htaccess to protect your WordPress admin area by limiting the access to selected IP addresses only. Simply copy and paste this code into your .htaccess file:
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "WordPress Admin Access Control"
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
# whitelist Syed's IP address
allow from xx.xx.xx.xxx
# whitelist David's IP address
allow from xx.xx.xx.xxx
</LIMIT>
Don’t forget to replace xx values with your own IP address. If you use more than one IP address to access the internet, then make sure you add them as well.
2. Password Protect WordPress Admin Folder
If you access your WordPress site from multiple locations including public internet spots, then limiting access to specific IP addresses may not work for you.
You can use .htaccess file to add an additional password protection to your WordPress admin area.
First, you need to generate a .htpasswds file. You can easily create one by using this online generator.
Upload this .htpasswds file outside your publicly accessible web directory or /public_html/ folder. A good path would be:
/home/user/.htpasswds/public_html/wp-admin/passwd/
Next, create a .htaccess file and upload it in /wp-admin/ directory and then add the following codes in there:
AuthName "Admins Only"
AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd
AuthGroupFile /dev/null
AuthType basic
require user putyourusernamehere
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>
Important: Don’t forget to replace AuthUserFile path with the file path of your .htpasswds file and add your own username.
3. Disable Directory Browsing
Many WordPress security experts recommend disabling directory browsing. With directory browsing enabled, hackers can look into your site’s directory and file structure to find a vulnerable file.
To disable directory browsing on your website, you need to add the following line to your .htaccess file.
Options -Indexes
4. Disable PHP Execution in Some WordPress Directories
Sometimes hackers break into a WordPress site and install a backdoor. These backdoor files are often disguised as core WordPress files and are placed in /wp-includes/ or /wp-content/uploads/ folders.
