Whenever you need to fix permalinks on your WordPress website, .htaccess is the first thing that comes to mind. It is well known that .htaccess is extremely popular for fixing WordPress bugs. But is it limited to this use, or is there some way to extend it? .htaccess is also extremely useful for increasing your site’s security, optimizing the overall site and improving performance.

Here are 6 interesting tips for using .htaccess to make your website interactive and optimized. Before you begin making changes, take a proper backup of your website, including its .htaccess file. Configure your FTP client and connect to your website with it. Make sure the client is configured to show hidden files. Once all of this is done, you can begin with the tips suggested below to improve the performance of your website using .htaccess.

WordPress Admin Password Protection

With .htaccess, you can protect the WordPress admin login by limiting access to just a few IP addresses. All you need to do is copy and paste the code below into your .htaccess file.

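# Place this in wp-admin/.htaccess; in the site-root .htaccess it would apply to the whole site
# Apache 2.2 syntax; Apache 2.4 needs mod_access_compat for Order/Deny/Allow
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Wordpress Admin Access Control"
AuthType Basic
# <Limit> restricts only the methods it lists; POST is included so form submissions are covered too
<Limit GET POST>
Order deny,allow
Deny from all
# whitelist Syed’s IP address
Allow from xx.x.xx.xxx
# whitelist David’s IP address
Allow from xx.xx.xx.xxx
</Limit>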

You can add any number of users to this list. In place of xx.xx.xx.xxx you will need to use your IP address.
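How Apache decides who gets through such an allowlist can be modelled in a few lines. This is an added example, not code from the original article: `is_allowed` and `ALLOWLIST` are hypothetical names, the addresses are constructed from documentation ranges, and the model covers both `Order` forms used on this page.

```python
import ipaddress

# Constructed sample allowlist (documentation address ranges, not real admins)
ALLOWLIST = ["203.0.113.10", "198.51.100.0/24"]

def _matches(client, specs):
    """True if the client IP matches 'all', a single address or a CIDR block."""
    ip = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all":
            return True
        if ip in ipaddress.ip_network(spec, strict=False):
            return True
    return False

def is_allowed(client, order, allow=(), deny=()):
    """Model of Apache's Order/Allow/Deny evaluation (hypothetical helper)."""
    allowed = _matches(client, allow)
    denied = _matches(client, deny)
    if order.lower() == "deny,allow":
        # Deny is checked first, Allow second: a match on Allow wins,
        # and a client matching neither list is let through.
        return allowed or not denied
    if order.lower() == "allow,deny":
        # Allow is checked first, Deny second: a match on Deny wins,
        # and a client matching neither list is refused.
        return allowed and not denied
    # Order takes one argument, so "deny, allow" (with a space) is an error
    raise ValueError("invalid Order argument: %r" % order)

if __name__ == "__main__":
    for client in ("203.0.113.10", "198.51.100.77", "192.0.2.55"):
        ok = is_allowed(client, "deny,allow", allow=ALLOWLIST, deny=["all"])
        print(client, "allowed" if ok else "denied")
```

With `Order allow,deny` the same `Deny from all` line overrides every `Allow` entry, which is why that order suits a file nobody should fetch and not an allowlist.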

WordPress Admin Folder Protection

If you want to give your WordPress admin folder password protection, you can use this .htaccess.

Your first task would be to create a .htpasswds file. All you need is an online generator to create such a file.

Once such a file is created, you can upload this file outside the publicly accessible directory. The following is the best path for such a directory.

/home/user/.htpasswds/public_html/wp-admin/passwd/

Once this path is created, add the following code to a .htaccess file:

AuthName "Admins Only"
AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd
AuthGroupFile /dev/null
AuthType Basic
Require user putyourusernamehere
# Front-end plugins call admin-ajax.php, so exempt it from the password prompt
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>

In place of the AuthUserFile path, use the path to your .htpasswds file. Once this code has been added, upload the file to your wp-admin folder. When the upload is complete, you will see that the admin path is password protected.

Directory Browsing Disabled

It is a good idea to disable directory browsing on your WordPress website, and .htaccess allows you to do so. Why should you disable it? With directory browsing enabled, you give hackers a chance to look through the files and folders of your website.

Let’s see how directory browsing is disabled with .htaccess.

Add the following code to your .htaccess file, and the directory browsing would be disabled.

Options -Indexes

PHP Execution Disabled

For certain WordPress directories, it is always a good option to disable PHP execution. This prevents unnecessary backdoor entry into your files and folders. Backdoor files look like the core WordPress files. They are normally found in the /wp-includes/ or /wp-content/uploads/ folders.

If you want enhanced security on your WordPress website, the best way to attain it is to prevent backdoor entry, which simply means disabling PHP execution in select directories. Here’s how you can do that.

First, create a blank .htaccess file for your WordPress website. Once done, add the following code to it:

# Refuse web requests for any .php file in this directory
<Files *.php>
Deny from all
</Files>

Upload this code to the /wp-content/uploads/ and /wp-includes/ directories. Once the code is uploaded, the entry is restricted.

WordPress Configuration File Protection

A WordPress website contains a configuration file, wp-config.php, which is arguably the most important file for your website. It is located in your website’s root directory, and losing it can be fatal to your website because it contains the access details for your database. You will need to protect this config file, and you can do so using .htaccess. The following code will help you protect your config file.

<Files wp-config.php>
Order allow,deny
Deny from all
</Files>
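A static check that the protections from the sections above (admin password, directory browsing, PHP execution, wp-config.php) are present in the right .htaccess files. This is an added example, not code from the original article: `EXPECTED`, `active_lines` and `audit` are hypothetical names, and the layout assumes a standard WordPress tree.

```python
import re
from pathlib import Path

# (file relative to the WordPress root, pattern that must be active, meaning)
EXPECTED = [
    (".htaccess", r"^\s*Options\s+(\S+\s+)*-Indexes\b", "directory browsing disabled"),
    (".htaccess", r"^\s*<Files\s+\"?wp-config\.php\"?\s*>", "wp-config.php denied"),
    ("wp-admin/.htaccess", r"^\s*Require\s+(user|valid-user)\b", "wp-admin password"),
    ("wp-content/uploads/.htaccess", r"^\s*<Files\s+\"?\*\.php\"?\s*>", "PHP blocked in uploads"),
    ("wp-includes/.htaccess", r"^\s*<Files\s+\"?\*\.php\"?\s*>", "PHP blocked in wp-includes"),
]

def active_lines(path):
    """Text of an .htaccess file without comment lines ('' if the file is absent)."""
    if not path.is_file():
        return ""
    lines = path.read_text(encoding="utf-8", errors="replace").splitlines()
    return "\n".join(l for l in lines if not l.lstrip().startswith("#"))

def audit(root):
    """Return findings for protections from this article that are missing under root."""
    root = Path(root).resolve()
    findings = []
    for rel, pattern, meaning in EXPECTED:
        if not re.search(pattern, active_lines(root / rel), re.I | re.M):
            findings.append(f"{rel}: missing '{meaning}'")
    # The password file must live outside the publicly served tree
    admin = active_lines(root / "wp-admin/.htaccess")
    for pw in re.findall(r"^\s*AuthUserFile\s+(\S+)", admin, re.I | re.M):
        if root in Path(pw).resolve().parents:
            findings.append(f"wp-admin/.htaccess: AuthUserFile {pw} is inside the web root")
    return findings

if __name__ == "__main__":
    import sys
    for finding in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

The check reads files only; it does not confirm that the server honours .htaccess at all, so follow it with a request to each protected path.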

301 Redirects Using .htaccess

Have you removed content from your website, or relocated it? If you want to inform your users about it, the best way to do so would be to use 301 redirects. For this the best way to handle the redirect is using .htaccess. Just paste the following code to the .htaccess file on your website and get the redirects done easily.

Redirect 301 /oldurl/ http://www.example.com/newurl
Redirect 301 /category/television/ http://www.example.com/category/tv/

About Author:

Juned Ahmed is an editor with a passion for mobile applications, web applications and IT technologies. He works at IndianAppDevelopers, a company whose primary focus is web development such as ASP.NET and mobile application development.