This article discusses .htaccess rules that add some security to your WordPress blog. Add these rules to your root .htaccess file.
Blog Security Using .htaccess File
Protect .htaccess From Outside Access: This should be at the start of each and every root .htaccess file you create.
# Protect the .htaccess file
<Files .htaccess>
Order Allow,Deny
Deny from all
</Files>
Protect wp-config.php From Unwanted Access:
# Protect wp-config.php
<Files wp-config.php>
Order Allow,Deny
Deny from all
</Files>
Note that this rule can live in the .htaccess file in the same directory as the protected file, so it does not have to be in the root .htaccess.
Disable Directory Browsing:
# Disable directory browsing (do not write "Options All -Indexes": Apache rejects
# an Options line that mixes absolute and +/- values, which yields an HTTP 500)
Options -Indexes
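As an added check (not part of the original article), the following Python script parses a WordPress .htaccess, confirms that the three protections above are present, and flags the common "Options All -Indexes" mistake, which Apache rejects because it mixes absolute and relative option values. The sample .htaccess is constructed for this example, and the audit also accepts the Apache 2.4 "Require all denied" form.

```python
import re

# Constructed sample (not from the page): the article's first three rules, with the common 'Options All -Indexes' mistake left in.
SAMPLE_HTACCESS = """\
<Files .htaccess>
Order Allow,Deny
Deny from all
</Files>
<Files wp-config.php>
Order Allow,Deny
Deny from all
</Files>
Options All -Indexes
"""

def parse_htaccess(text):
    """Flatten to (container, directive, args); container is the innermost (tag, argument) pair or None."""
    entries, stack = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opener = re.match(r'<(\w+)\s+"?([^">]+)"?>$', line)
        if opener:
            stack.append((opener.group(1), opener.group(2)))
        elif re.match(r"</\w+>$", line):
            stack.pop()
        else:
            name, _, args = line.partition(" ")
            entries.append((stack[-1] if stack else None, name, args.strip()))
    return entries

def denies_all(entries, filename):
    # True if a <Files filename> block denies every client (Apache 2.2 or 2.4 syntax)
    return any(c == ("Files", filename) and (d, a.lower()) in
               (("Deny", "from all"), ("Require", "all denied")) for c, d, a in entries)

def audit(text):
    """Return findings for a WordPress .htaccess; an empty list means all checks passed."""
    entries, findings = parse_htaccess(text), []
    for name in (".htaccess", "wp-config.php"):
        if not denies_all(entries, name):
            findings.append(f"missing: <Files {name}> deny rule")
    options = [a for c, d, a in entries if c is None and d == "Options"]
    if not any("-Indexes" in a.split() for a in options):
        findings.append("missing: Options -Indexes (directory listing still enabled)")
    for a in options:
        # Apache rejects mixing absolute (All, Indexes) and relative (+X/-X) values; in .htaccess that is an HTTP 500 for every request
        if any(t[0] in "+-" for t in a.split()) and any(t[0] not in "+-" for t in a.split()):
            findings.append(f"invalid: 'Options {a}' mixes absolute and relative values")
    return findings
```

Run audit() on the contents of your own .htaccess and fix anything it reports before relying on the rules.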
Protect From Spam Comments:
# Protect from spam comments: bounce comment POSTs that do not carry a referer
# from this site, or that come with an empty user agent (typical of spam bots)
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} wp-comments-post\.php
RewriteCond %{HTTP_REFERER} !.*YOURDOMAIN\.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule .* http://%{REMOTE_ADDR}/ [R=301,L]
</IfModule>
Prevent Hotlinking:
# Protect bandwidth: serve a placeholder image when another site embeds your images
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?YOURDOMAIN\.com/ [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ http://ANOTHERDOMAIN.com/nohotlinking.jpg [NC,R,L]
</IfModule>
Your Own Shortlinks (in WordPress): Even if you're using SEO-friendly permalinks, WordPress's default URL for posts and pages is still active, e.g. http://YOURDOMAIN.com/?p=123. You can use that to your advantage: this directive removes the need for ?p= in the URL and gives you your own short URLs; for example, this post can be found at http://zemalf.com/1076
# BEGIN URL Shortening
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^/([0-9]+)$
RewriteRule .* http://YOURDOMAIN.com/?p=%1 [R=301,L]
</IfModule>
# END URL Shortening
Force Download (e.g. for mp3, PDFs, etc.):
# Force the browser to download matching files instead of displaying them
# (the Header directive needs mod_headers)
<FilesMatch "\.(mov|mp3|pdf)$">
ForceType application/octet-stream
<IfModule mod_headers.c>
Header set Content-Disposition attachment
</IfModule>
</FilesMatch>
About the Author: DG