.htaccess Tips

.htaccess stands for Hypertext Access; the file controls how visitors interact with a website. By using an .htaccess file in the root directory, we can add security to the website.
Let's check some .htaccess tips to improve your site security.
1. Create .htaccess File.
2. Prevent Image Hotlinks.
3. Prevent Directory Access.
4. Block IP Address To Prevent Wp-admin Attacks.

1. Create .htaccess File: When WordPress needs to write anything to the .htaccess file, it writes it between # BEGIN WordPress and # END WordPress.

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

2. Prevent image hotlinks: Why block image hotlinking in the .htaccess file? Here is a small example. When we upload images to the eknowledgetree site, someone interested in an image can copy its URL and load that image directly on a different website (dcodefarm.com). This causes a bandwidth problem: every time a user visits dcodefarm.com, the image is still served from eknowledgetree.com, which consumes more bandwidth and decreases eknowledgetree.com's performance.
To overcome this issue we need to modify the .htaccess file in the WordPress root folder. Before modifying the file, take a backup of it; once that is done, copy and paste the code below into your .htaccess file.

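 RewriteEngine on
 RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?eknowledgetree\.com [NC]
 RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?dcodefarm\.com [NC]
 # Do not redirect the replacement image itself, or hotlinked requests would loop
 RewriteCond %{REQUEST_URI} !/preventimagehotlinks\.png$ [NC]
 RewriteRule \.(jpg|jpeg|png|gif)$ https://www.eknowledgetree.com/preventimagehotlinks.png [NC,R,L]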
  • In the code above, the first line enables the redirection process.
  • The second line is a condition that lets our own website display its images; replace our site with your actual domain name, and don't include www in the URL on this line.
  • The third line allows another website to access your site's images; you can add more lines like it for multiple URLs that should be able to access your site's images.
  • For the last line, we create a custom image, upload it to the images folder on the DreamHost server, and add its URL to the .htaccess file; every unauthorized image request is then answered with this custom image.

3. Deny Directory Access: When we create a WordPress website, we have an includes folder on the DreamHost server, which is used for back-end admin functionality. For security reasons we need to deny all access to this folder in .htaccess; to do so, place an .htaccess file in the folder we don't want accessed. Let's add the code below to deny all access to the folder.

Deny from all

4. Block IP Address To Avoid Admin Attacks: Most hackers use different IP addresses when trying to hack WordPress admin pages to get customer details. To stop repeated attacks from particular IP addresses, we have the option to block those addresses using .htaccess. Let's check the code below.

# No space after the comma: Order takes a single argument
Order allow,deny
Deny from 192.168.1.1
Deny from 192.168.1.2
Allow from all

In the above code we are blocking two IP addresses using the .htaccess file. We can also block the complete IP address range from 192.168.1.0 to 192.168.1.255, which refuses access to any user within that range.
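The range block described above, written out as an added example (not code from the original article): 192.168.1.0 to 192.168.1.255 is the CIDR block 192.168.1.0/24. The first section uses the same Order/Allow/Deny directives as the article (Apache 2.2 style); the second is the Apache 2.4 equivalent, where access control moved to Require directives. The IfModule tests ensure only one of the two sections is applied.

```apache
# Apache 2.2 (mod_authz_core is not present there).
# With "Order allow,deny", a matching Deny overrides "Allow from all".
# Needs "AllowOverride Limit" to be permitted in .htaccess.
<IfModule !mod_authz_core.c>
    Order allow,deny
    Allow from all
    Deny from 192.168.1.0/24
</IfModule>

# Apache 2.4 (mod_authz_core).
# RequireAll grants access only if every Require inside it passes,
# so any client inside 192.168.1.0/24 is refused.
# Needs "AllowOverride AuthConfig" to be permitted in .htaccess.
<IfModule mod_authz_core.c>
    <RequireAll>
        Require all granted
        Require not ip 192.168.1.0/24
    </RequireAll>
</IfModule>
```

On Apache 2.4 the folder-level "Deny from all" from tip 3 is written as "Require all denied".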

Thanks for reading this article.