Are you looking for some useful tips on your WordPress website .htaccess file?
The .htaccess file is a powerful configuration file that allows you to do a lot of things on your website. In this tutorial, we'll show you some of the most useful tips to try right away.
But before, if you have never installed WordPress discover How to Install a WordPress Blog in 7 Steps et How to search, install and activate a WordPress theme on your blog
Then back to why we are here.
What is .htaccess file and how do I edit it?
The .htaccess file is a server configuration file. It allows you to define rules for your server so that it better matches your website.
Discover also: How to find the ".htaccess" file on WordPress
WordPress uses the ".htaccess" file to generate an SEO URL structure. However, this file can do much more.
The .htaccess file is located in the root folder of your WordPress website. You need to connect to your website using an FTP client to edit it.
Before editing your .htaccess file, it is important to download a copy of it to your computer as a backup. You can use it in case of problem.
With that said, let's take a look at some useful ".htaccess" tips for WordPress that you can try.
1 - Protect your WordPress dashboard
You can use ".htaccess" to protect your WordPress dashboard by restricting access only to selected IP addresses. Just copy and paste this code into your .htaccess file:
AuthUserFile / dev / null AuthGroupFile / dev / null AuthName "WordPress Admin Access Control" AuthType Basic order deny, allow deny from all # whitelist Syed's IP address allow from xx.xx.xx.xxx # whitelist David's IP address allow from xx.xx.xx.xxx
Remember to replace the xx values with your own IP address. If you are using more than one IP address to access the Internet, be sure to add them.
2 - Protecting the wp-admin folder with a password
If you are accessing your WordPress website from multiple locations, including public areas, restricting access to IP addresses may be a problem for you.
See also our article on 8 WordPress plugins to protect your website with a password
You can use the .htaccess file to add additional password protection to your WordPress dashboard.
First, you need to generate an “.htpasswds ". You can easily create one using this generator online.
Download this file.htpasswds outside your publicly accessible web directory or / public_html / folder. The right path would be:
Then create a .htaccess file and upload it to the / wp-admin / directory, then add the following codes here:
AuthName "Admins Only" AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd AuthGroupFile / dev / null AuthType basic require user putyourusernamehere Order allow, deny Allow from all Satisfy any
Important: Remember to replace the path AuthUserFile by the path of your file " .htpasswds And add your own username.
3 - Disable directory browsing
Many WordPress security experts recommend disabling directory browsing. With directory browsing enabled, hackers can search your website's directory and file structure to find a vulnerable file.
To disable directory browsing on your website, you must add the following line to your .htaccess file.
4- Disable PHP execution in certain WordPress directories
Sometimes hackers enter a WordPress website and install a back door. These backdoor files are often disguised as main WordPress files and are placed in / wp-includes / or / wp-content / uploads /.
How to modify or update the PHP version of WordPress? Find out by following this link.
An easier way to improve your WordPress security is to disable PHP execution for certain WordPress directories.
You will need to create a blank .htaccess file on your computer and then paste the following code inside of it.
deny from all
Save the file, then download it to your folder / Wp-content / uploads / et / wp-includes /.
5 - Protect your WordPress wp-config.php configuration file
The most important file in the root directory of your WordPress website is the file " wp-config.php ". It contains information about your WordPress database and how to connect to it.
Go further with: What changes on wp-config.php to secure your WordPress blog
To protect your wp-config.php file, simply add this code to your .htaccess file:
order allow, deny deny from all
Discover also some premium WordPress plugins
You can use other WordPress plugins to give a modern look and optimize the grip of your blog or website.
We offer you here some premium WordPress plugins that will help you do that.
1. WooCommerce Birthday Discount Vouchers
Whenever a new user registers on your website on their birthday, this plugin automatically generates a coupon code based on admin settings and sends it to the registered user on their birthday.
See also these 9 WooCommerce plugins to generate PDF invoices
This WordPress plugin internally uses coupons WooCommerce by default, so there are a lot of filter options and criteria when setting up birthday coupons.
2. Stachethemes Event Calendar
Stachethemes Event Calendar is a premium WordPress plugin that allows you to create detailed events for users and visitors to your website. The functionality of the plugin allows you to add several types of information such as a detailed introduction with a photo gallery, calendar of events, guest list, location, weather, comment section, etc.
Its main functions are: import and export of .ics files, creation of events lasting one or more days, the choice of color that you want for your calendar category, the repetition of the event (daily, weekly, monthly or yearly), the ability to choose how many times the event will repeat, options to set aside the repetitions, and more…
Although connecting to WordPress via social networks is very useful, it is the many connection features and the management of the profile section that make the premium WordPress plugin UserPro an excellent modern tool for creating registration and login forms.
Discover our 9 WordPress plugins to migrate and clone your blog
Its features are among others: theonnection on WordPress in one click thanks to the buttons of the different social networks, the mbeautiful User Profile section on the front-end, the uUnlimited use of custom fields, the configuration of content restrictions, et more.
Other recommended resources
We also invite you to consult the resources below to go further in the grip and control of your website and blog.
- 8 WordPress plugins to integrate a reduction system
- 10 WooCommerce plugins to calculate delivery costs
- 10 WordPress plugins to create a newsletter
- 10 essential WordPress plugins to install on your blog
Here is ! That's all for these tips, we hope they will allow you to further protect your WordPress blog. If you have some Comments or suggestions, do not hesitate to let us know in the reserved section.
However, you will also be able to consult our resources, if you need more elements to carry out your projects of creation of Internet sites, by consulting our guide on the WordPress blog creation or the one on Divi: the best WordPress theme of all time.
But meanwhile, share this article on your different social networks ...