Home » .htaccess » Protect Files and Directories using .htaccess

Protect Files and Directories using .htaccess

Here now we going to see how to protect files and directories using .htaccess. By default, Apache allows access to everything inside the Document Root folder. That means all the subdirectories, files & contents are can be listed in the root folder. However, you can use .htaccess to build the security of your Apache Server.

.htaccess is the most required file for any website. Using .htaccess file here you can do a lot of things. You can restrict your website access and it can be placed in any folder of the website to change the action of that folder.

The whole website control room is .htaccess that already you aware of it. Even a single spelling mistake can stop the complete website. Always keep the backup before making any changes in the .htaccess file. By default, every web hosting has a .htaccess file in the root directory. If it is not available here an article.

1. Protect the .htaccess

Most important in the whole website is .htaccess file and it is very necessary to protect first from unauthorized users. .htaccess have only owned the capacity to control your entire website. To protect this file from unauthorized users by adding the following code, you can restrict access to unauthorized users.

2. Protect the wp-config.php

The wp-config.php is a very important file in WordPress. Because all the server, database, and other details are stored in the wp-config.php file. So it is also necessary to protect from unauthorized access to this file. Add the following code in your .htaccess file to protect your wp-config.php.

3. Protect the WordPress Login Page

In WordPress, the wp-login.php file is important because users can login through wp-login.php only. For this, you can protect the login from unauthorized users by adding your IP address so others can’t able to access the wp-login.php. To allow multiple IP addresses, repeat the last line and change the IP address to suit your needs.

Note: Don’t forget to change “443.232.333.876” to your own IP address.

4. Protect the wp-contents

To protect your themes, plugins, and media from the hackers here you have a solution, the main target for hacker and spammers are the themes and plugins using that only they insert malware code. Here below you have the code. Copy and paste it in your .htaccess file to protect wp-contents folder and files.

Now here you can upload only XML, CSS, JPG, JPEG, PNG, Gif, and Javascript files in the wp-contents folder. All other file types will not be allowed.

5. Protect the Includes files

In WordPress some sections that never have to be accessed by the user. It’s better to block access to these folders and files. You can block by adding the following code in your .htaccess file.

6. Disable Directory Browsing

In the websites, unauthorized access to your files and folders can be a high-security risk. So here you add the following to protect your directories.

Was this article helpful?

Yes No

How can we improve it?


We appreciate your helpul feedback!

Your answer will be used to improve our content. The more feedback you give us, the better our pages can be.

Follow us on social media:

Facebook Pinterest


Creative Designer & Developer specialist by the spirit and a loving blogger by thoughts.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top