Here’s a piece of code generated by WordPress and you’ll find it in almost every htaccess file:

```
# BEGIN WordPress
```

Anything else you decide to apply to harden WordPress security should be added after this.

WordPress best practices suggest you protect your wp-config.php file and you can do that by adding:

You know how you can change a few characters in a URL and continue browsing the website. With this code you’ll prevent any directory browsing:

```
# directory browsing
Options All -Indexes
```

Disable any Hotlinking

Sometimes other (non-ethical) site curators will try to use your images and videos and put a strain on your servers, which uses your disk space and bandwidth. While this is not in the domain of WordPress security, it will certainly help your website’s overall health. Adding this to your htaccess will prevent hotlinking from happening:

```
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?YourDomain
```

Note: Be sure to replace “YourDomain” with your domain address and leave out the “www” part.

If you need to allow certain websites to use your images, then you can use this online tool for generating the anti-hotlinking code where you can define various parameters.

WordPress holds all your media files in here and they’re an asset you want search engines to crawl. But, “/wp-content” is a place where your themes and plugins reside, too. You don’t want to allow access to those sensitive. In order to work you need to create a separate htaccess file (just use your FTP client and create a file with no name and give it an “htaccess” extension) and put it in your /wp-content directory. This code will allow access to images, CSS, JavaScript and XML files, but deny it for any other type.

Your WordPress website should be a lot safer place now. There’s just one last thing we should do and that’s protecting the htaccess file(s). We’ve done a lot to protect WordPress, but the htaccess file itself is still open to attacks. The following code snippet will stop anyone from accessing (reading or writing) any file that starts with “hta”.

While you can install various WordPress security plugins, sign up for monitoring services and content delivery networks which filter your traffic, configuring the htaccess file so it strengthens your WordPress security is a good step toward that peace of mind you, as a website owner, deserve.

Note: Making changes to htaccess should be a pretty relaxing job, but if you use plugins (ex. WordPress SEO) for configuring htaccess, please make sure to also have FTP credentials, just in case you need to directly access and reconfigure it.

Security, as everything in life, ultimately comes down to user behavior – avoiding risky situations, avoiding untrusted hosting companies and weak passwords, always using plugins developed with WordPress best practices in mind, installing WordPress security plugins, updating your software regularly, etc.

If you need help hardening your WordPress website, a website audit is the right thing to do. You can read more in our Security of Your WordPress Website article.