Essential Blog Security Using .htaccess File


This article discusses .htaccess rules that add some security to your WordPress blog. Add these rules to your root .htaccess file.

Blog Security Using .htaccess File

Protect .htaccess From Outside Access: This should be at the start of each and every root .htaccess file you ever create.

# Protect the .htaccess file
# (Order/Deny is Apache 2.2 syntax; on Apache 2.4 it needs mod_access_compat,
# otherwise use "Require all denied" inside the <Files> block instead.)
<Files .htaccess>
Order Allow,Deny
Deny from all
</Files>

Protect wp-config.php From Unwanted Access:

# Protect wp-config.php
<Files wp-config.php>
Order Allow,Deny
Deny from all
</Files>

Note that this rule can go in the .htaccess file in the same directory as the protected file, so it does not have to be the root .htaccess.

Disable Directory Browsing:

# Disable directory browsing
Options All -Indexes

Protect From Spam Comments:

# Protect from spam comments
# Blocks a POST to wp-comments-post.php when the Referer is not this blog
# OR the User-Agent is empty, by bouncing the request back to the sender's
# own address. Both headers are supplied by the client and can be forged,
# so this stops only crude bots; treat it as a nuisance filter, not a control.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} wp-comments-post\.php
RewriteCond %{HTTP_REFERER} !.*YOURDOMAIN\.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule .* http://%{REMOTE_ADDR}/ [R=301,L]
</IfModule>

Prevent Hotlinking:

# Protect bandwidth
# Serves a placeholder image instead of the real one when an image is
# requested from a page on another site. An empty Referer (direct visits,
# privacy-conscious browsers) is allowed through by the first condition.
# The placeholder must live on a different host, or the rule redirects to itself.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?YOURDOMAIN\.com/ [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ http://ANOTHERDOMAIN.com/nohotlinking.jpg [NC,R,L]
</IfModule>
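The spam-comment rule and the hotlinking rule both hinge on the Referer header, and on how Apache combines RewriteCond lines: consecutive conditions are ANDed unless one carries [OR]. The Python below is an added model of those two condition chains, not code from the article or from Apache, replayed against constructed requests so you can see exactly which requests each rule stops and which it lets through (an empty Referer passes the hotlink rule; a Referer that merely contains the blog's hostname passes the comment rule). YOURDOMAIN.com and ANOTHERDOMAIN.com are the article's placeholders; the sample requests are made up.

```python
import re

# Constructed model of the article's two RewriteCond chains.
# "YOURDOMAIN.com" is the article's placeholder for the blog's own hostname.
SITE_RE = re.compile(r"YOURDOMAIN\.com")                 # comment rule has no [NC]
OWN_REFERER_RE = re.compile(r"^http://(.+\.)?YOURDOMAIN\.com/", re.IGNORECASE)
IMAGE_RE = re.compile(r"\.(jpg|jpeg|png|gif)$", re.IGNORECASE)
COMMENT_RE = re.compile(r"wp-comments-post\.php")


def comment_post_blocked(method, uri, referer, user_agent):
    """Spam-comment rule: a POST to wp-comments-post.php is blocked when the
    Referer does not mention the blog OR the User-Agent is empty.
    The first two conditions are ANDed with that ORed pair."""
    if method != "POST":
        return False
    if not COMMENT_RE.search(uri):
        return False
    referer_foreign = SITE_RE.search(referer or "") is None
    ua_empty = (user_agent or "") == ""
    return referer_foreign or ua_empty


def hotlink_blocked(path, referer):
    """Hotlink rule: an image request is redirected when a Referer is present
    and it is not the blog's own site. The !^$ condition lets an empty Referer
    through, so direct visits and privacy-stripped browsers still get the image."""
    if not referer:
        return False
    if OWN_REFERER_RE.match(referer):
        return False
    return IMAGE_RE.search(path) is not None


# Constructed sample requests: (method, uri, referer, user-agent)
COMMENT_REQUESTS = [
    ("POST", "/wp-comments-post.php", "http://YOURDOMAIN.com/hello-world/", "Mozilla/5.0"),  # real reader
    ("POST", "/wp-comments-post.php", "", "Mozilla/5.0"),                        # no Referer: blocked
    ("POST", "/wp-comments-post.php", "http://YOURDOMAIN.com/", ""),             # empty UA: blocked
    ("POST", "/wp-comments-post.php", "http://YOURDOMAIN.com/", "SpamBot/1.0"),  # client-set Referer: passes
    ("GET", "/wp-comments-post.php", "", ""),                                    # not a POST: untouched
]

# Constructed sample requests: (path, referer)
HOTLINK_REQUESTS = [
    ("/wp-content/uploads/logo.png", "http://YOURDOMAIN.com/about/"),    # own page
    ("/wp-content/uploads/logo.png", "http://blog.YOURDOMAIN.com/"),     # own subdomain
    ("/wp-content/uploads/logo.png", "http://ANOTHERDOMAIN.com/copy/"),  # hotlink: blocked
    ("/wp-content/uploads/logo.png", ""),                                # direct visit: allowed
    ("/style.css", "http://ANOTHERDOMAIN.com/"),                         # not an image: untouched
]


def evaluate():
    """Return the decision (True = blocked) for every sample request, in order."""
    comments = [comment_post_blocked(*r) for r in COMMENT_REQUESTS]
    hotlinks = [hotlink_blocked(*r) for r in HOTLINK_REQUESTS]
    return comments, hotlinks


if __name__ == "__main__":
    comments, hotlinks = evaluate()
    for req, blocked in zip(COMMENT_REQUESTS, comments):
        print("comment", "BLOCK" if blocked else "allow", req)
    for req, blocked in zip(HOTLINK_REQUESTS, hotlinks):
        print("image  ", "BLOCK" if blocked else "allow", req)
```

The fourth comment request is the one to keep in mind when deciding how much to rely on this rule: both headers are whatever the client chooses to send, so the rule filters careless bots and nothing more. For images, the trade-off is the opposite: letting an empty Referer through avoids breaking legitimate visitors at the cost of not catching every hotlinker.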

Your Own Shortlinks (in WordPress): Even if you use SEO-friendly permalinks, WordPress' default URL for posts and pages is still active, e.g. http://YOURDOMAIN.com/?p=123. You can use that to your advantage: this directive removes the need for the ?p= in the URL and gives you your own short URLs, so for example this post can be found as http://zemalf.com/1076

# BEGIN URL Shortening
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^/([0-9]+)$
RewriteRule .* http://YOURDOMAIN.com/?p=%1 [R=301,L]
</IfModule>
# END URL Shortening

Force Download (e.g. for mp3, PDFs, etc.):

# Header needs mod_headers; without the IfModule guard an unknown directive
# makes Apache answer every request with a 500 error.
<IfModule mod_headers.c>
<FilesMatch "\.(mov|mp3|pdf)$">
ForceType application/octet-stream
Header set Content-Disposition attachment
</FilesMatch>
</IfModule>