The ".htaccess" file (short for "Hypertext Access") in your blog directory is a configuration file that you can use to override the settings of your web server.

With the right directives, you can enable or disable certain features and add protections that defend your website against spammers, hackers and other threats.

These directives include redirections, protection of specific files, and more advanced functions such as password protection or protecting images from hotlinking.

In this tutorial we will look at some simple changes that you can add to your ".htaccess" file to make your blog more secure.

But first, if you've never installed WordPress, find out How to install a WordPress blog in 7 steps and How to search, install and activate a WordPress theme on your blog.

Now let's get to why we are here.

Changing the .htaccess file

When you activate permalinks on WordPress, an .htaccess file is automatically created at the root of your website.

When WordPress writes to the ".htaccess" file, it always writes its data between the following two marker lines:

# BEGIN WordPress
# END WordPress

The "#" character marks a comment in the file, so these lines do not affect your configuration.

These files are powerful, and the slightest syntax error, such as forgetting a "<" character, can make your website unavailable. It is therefore important to make a backup of your .htaccess file before making any changes.

Some operating systems do not allow you to create a file named .htaccess. The best way to work around this problem is:

  • Using Notepad or a similar text editor, add your directives to the editor
  • Save the file as a .txt file
  • Then upload the file to your website
  • Once uploaded, rename the file to ".htaccess"

You should immediately refresh your blog to check that everything is working. If it is not, you can still restore the old .htaccess file.

How to protect your wp-config.php file

One of the most important files in your WordPress installation is wp-config.php.

This file is located at the root of your WordPress installation and contains details about the basic configuration of your blog, such as your WordPress security keys and database connection information. This information is of course sensitive and those who access it can damage your blog.

You can protect your "wp-config.php" file by adding the following text to your .htaccess file:

<Files wp-config.php>
order allow,deny
deny from all
</Files>

Of course, you will still be able to access the file via FTP and through cPanel.

How to prevent browsing in WordPress folders

Protecting your WordPress folders in this way is security through obscurity. This method hides your folders, which prevents visitors from seeing their content.

It is good practice to hide your folders, and it works well alongside the other methods of protection listed in this article.

To hide your folders, you need to add this code to the .htaccess file:

Options -Indexes

How to prevent hotlinking on your blog

Hotlinking happens when people use your images on another website, and it depletes your bandwidth. If nearly 10,000 people see such an image on another website, the bandwidth costs are charged not to that website (which is making use of your image) but to you.

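You can add the following code to your .htaccess file to prevent hotlinking on your blog:

RewriteEngine On
# Allow requests that carry no referer (direct visits, some proxies)
RewriteCond %{HTTP_REFERER} !^$
# Allow requests coming from your own pages
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourdomainname/.*$ [NC]
# Never redirect the replacement image itself, to avoid a redirect loop
RewriteCond %{REQUEST_URI} !/hotlink\.gif$
RewriteRule \.(gif|jpg)$ http://yourdomainname/hotlink.gif [R,L]

Do not forget to change the value "yourdomainname" to your domain name, and "hotlink.gif" to an image indicating that hotlinking is disabled on your blog.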

Restrict access to your dashboard

There are a few ways to protect access to your dashboard. The easiest way is to restrict it by IP address (especially if you access your blog from one place). To do this, add the following lines of code to a new .htaccess file:

order deny,allow
allow from yourip
deny from all

Change the value "yourip" to your IP address. To find your IP address, go to the following website: My-IP. Once you have added your IP and saved the .htaccess file, upload it to the "/wp-admin" folder (and no longer to the root of the installation).

By performing this action, you will be the only one able to access your dashboard. To add a new IP address (for new administrators, for example), you will have to modify the .htaccess file in the "/wp-admin" folder and add the following, separated by spaces, just after your IP address:

admin_ip_1 admin_ip_2 admin_ip_3

where "admin_ip_1", "admin_ip_2" and "admin_ip_3" are replaced by valid IP addresses corresponding to the different administrators.
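The same dashboard restriction written for both Apache generations, as an added example that is not part of the original tutorial: on Apache 2.4 the order/allow/deny directives only work when mod_access_compat is loaded, so the native "Require" syntax is shown first. The IP addresses are constructed placeholders, and the admin-ajax.php exception assumes that your theme or plugins send AJAX requests from the public side of the site.

```apache
# /wp-admin/.htaccess  (added example; IP addresses are constructed placeholders)

# Apache 2.4 and later: mod_authz_core replaces Order/Allow/Deny.
<IfModule mod_authz_core.c>
    # Several addresses or CIDR ranges are separated by spaces, not commas.
    Require ip 203.0.113.10 198.51.100.24 192.0.2.0/28

    # Themes and plugins send front-end AJAX requests from every visitor to
    # /wp-admin/admin-ajax.php, so that one file stays reachable.
    <Files "admin-ajax.php">
        Require all granted
    </Files>
</IfModule>

# Apache 2.2: the same policy in the older syntax.
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    Allow from 203.0.113.10 198.51.100.24 192.0.2.0/28

    <Files "admin-ajax.php">
        Order allow,deny
        Allow from all
    </Files>
</IfModule>
```

If your IP address is assigned dynamically by your provider, it can change and lock you out of the dashboard; you can still edit this file over FTP to restore access.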

Protect your ".htaccess" file

You will never be safe if the very foundation of your security system is vulnerable. You must therefore protect your .htaccess file. When a visitor tries to access your ".htaccess" file, the server will automatically generate an error page (403).

To protect your ".htaccess" file, you must add this code:

<Files .htaccess>
order allow,deny
deny from all
</Files>
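The two file-protection rules from this tutorial (wp-config.php and .htaccess) combined in a form that works on both Apache 2.2 and Apache 2.4, as an added example that is not part of the original tutorial. The FilesMatch pattern is an assumption that you also want to cover .htpasswd and any other file whose name starts with ".ht".

```apache
# Root .htaccess (added example, not from the original tutorial).
# Place these rules outside the "# BEGIN WordPress" / "# END WordPress"
# markers, because WordPress rewrites everything between them.

<IfModule mod_authz_core.c>
    # Apache 2.4 and later
    <Files "wp-config.php">
        Require all denied
    </Files>
    # Covers .htaccess and .htpasswd with one pattern
    <FilesMatch "^\.ht">
        Require all denied
    </FilesMatch>
</IfModule>

<IfModule !mod_authz_core.c>
    # Apache 2.2
    <Files "wp-config.php">
        Order allow,deny
        Deny from all
    </Files>
    <FilesMatch "^\.ht">
        Order allow,deny
        Deny from all
    </FilesMatch>
</IfModule>
```

After uploading, request /wp-config.php and /.htaccess in a browser: both should return a 403 error page.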

In short

Editing your ".htaccess" file or creating a new one for subfolders can greatly increase the security of your blog. You can use these tips to boost the security of your blog in addition to other measures that you have learned on the web or here on BlogPasCher.

Discover also some premium WordPress themes and plugins

You can use other WordPress plugins to give a modern appearance and to optimize the handling of your blog or website.

We offer you here some premium WordPress plugins that will help you do that.

1. Facebook Comments for WordPress and WooCommerce

“WP Facebook Comments” is a premium WordPress plugin that allows users to comment on your blog content using their Facebook accounts.

Users can also choose to share their commenting activities with their friends (and friends of their friends) on Facebook.

This plugin comes with built-in moderation tools and a social report ranking.

2. Zxeion

Zxeion is a powerful premium WordPress plugin designed to improve the security of your website. This plugin contains a collection of protection and security tools that will protect your website against possible attacks.

Its real-time protection system will help you identify threats to your website and block them, without you having to do anything.

Its main features are: real-time protection, excellent customer support, regular updates, an IP address blocker, excellent documentation, modern and professional interface, dedicated customer support and others.

3. WP Membership

The premium WordPress plugin WP Membership has the advantage of being multilingual and so far comes with nearly 11 languages in its repertoire. Like the other WordPress plugins in this list, it will help you protect your content.

Its main features include, among others: support for several payment gateways (PayPal, Stripe), several pricing table templates, 2 page templates dedicated to registration, and 5 profile section templates.

However, its strength lies in the fact that you will hardly have to configure or customize it. Just install it and start protecting your content.

Conclusion

That's it for this tutorial. We hope it helps you improve the security of your WordPress blog. Do not hesitate to share it with your friends on your favorite social networks.

You can also consult our resources if you need more to carry out your website creation projects, including our guide on WordPress blog creation.

And if you have any suggestions or remarks, leave them in our section Comments.
