Many WordPress users come across .htaccess file when fixing their permalinks. However you can do so much more.
The .htaccess file is a powerful configuration file that allows you to improve your site’s security and performance.
Below, we’ve listed just a few, very useful htaccess tricks.
Securing WP-Includes
# Block the include-only files. <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^wp-admin/includes/ - [F,L] RewriteRule !^wp-includes/ - [S=3] RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] RewriteRule ^wp-includes/theme-compat/ - [F,L] </IfModule> # BEGIN WordPress
Securing wp-config.php
<files wp-config.php> order allow,deny deny from all </files>
Securing .htaccess
<Files .htaccess> order allow,deny deny from all </Files>
Prevent Directory Browsing
Options All -Indexes
That’s it, Pretty simple yeah?
Editing your .htaccess file or creating new ones for sub-directories can boost security on your site. Still, it’s best to use the tips above to complement other security measures you have in place for your site.