{"id":6227,"date":"2020-12-21T15:49:57","date_gmt":"2020-12-21T15:49:57","guid":{"rendered":"https:\/\/truehost.co.ke\/support\/?post_type=ht_kb&#038;p=6227"},"modified":"2024-06-21T08:31:31","modified_gmt":"2024-06-21T08:31:31","password":"","slug":"how-to-secure-wordpress-with-htaccess-file","status":"publish","type":"docs","link":"https:\/\/truehost.com\/support\/knowledge-base\/how-to-secure-wordpress-with-htaccess-file\/","title":{"rendered":"How to secure WordPress with .htaccess file"},"content":{"rendered":"\n<p>.htaccess file is a very powerful file used for a number of feature implementation on Apache and Litespeed Web Servers. Most of the settings here can be implemented using plugins such as Bullet Proof Security or Wordfence.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1. Protect against external attacks<\/h2>\n\n\n\n<p>As the .htaccess file is a pwerful file, it should be protected from external attacks. To do so, add the code below to your .htaccess file<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">#PROTECT HTACCESS<br>&lt;Files .htaccess><br>Order Allow, Deny<br>Deny from all<br>&lt;\/Files>&lt;files .htaccess=\"\">&lt;\/files><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">2. <strong>Disable directory browsing<\/strong><\/h2>\n\n\n\n<p>When your site does not have an index.html or index.php file, the files in your document root will all be listed when your domain is accessed. To protect against this, add the following in your .htaccess file<\/p>\n\n\n\n<p># DISABLE DIRECTORY LISTING<br>Options All \u2013Indexes<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">3. Protect wp-config .php file<\/h2>\n\n\n\n<p>This file contains a lot of sensitive data about your wordpress site. Thus, it needs to be protected. The first thing you can do is place minimal permissions for it, such as 0400. Then add the directives below to your .htaccess file<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># PROTECT WP-CONFIG FILE<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">&lt;files wp-config.php=\"\">\n&lt;files wp-config.php>\norder allow,deny\ndeny from all\n&lt;\/files>\n&lt;\/files><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">4. Limit access to wp-content directory<\/h2>\n\n\n\n<p>This folder contains a lot of data and users should only be allowed to access specific data. To do this, create a new .htaccess file inside wp-content folder(not document root) then add the code below<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">Order deny,allow<br>Deny from all<br>&lt;Files ~ \u201c.(xml|css|jpeg|png|gif|js)$\u201d><br>Allow from all<br>&lt;\/Files><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">5. Secure wp-admin folder<\/h2>\n\n\n\n<p>The wp-admin folder should only be accessed by users who make posts or edit the admin folder. If you use a static network IP address (one that does not keep changing), you can secure the folder by adding the code below<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># RESTRICT WP-ADMIN ACCESS<br>order deny,allow<br>allow from 12.34.56.78 # This is your static IP<br>deny from all<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">6. Prevent script injection<\/h2>\n\n\n\n<p>Script injection is one of the most popular ways to launch attacks on wordpress sites. Toprotect against this, add the following to your .htaccess file<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">#PROTECT AGAINST SQL INJECTION<br>Options +FollowSymLinks<br>RewriteEngine On<br>RewriteCond %{QUERY_STRING} (\\&lt;|%3C).*script.*(\\&gt;|%3E) [NC,OR]<br>RewriteCond %{QUERY_STRING} GLOBALS(=|\\[|\\%[0-9A-Z]{0,2}) [OR]<br>RewriteCond %{QUERY_STRING} _REQUEST(=|\\[|\\%[0-9A-Z]{0,2})<br>RewriteRule ^(.*)$ index.php [F,L]<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>.htaccess file is a very powerful file used for a number of feature implementation on Apache and Litespeed Web Servers. Most of the settings here can be implemented using plugins such as Bullet Proof Security or Wordfence. 1. Protect against external attacks As the .htaccess file is a pwerful file, it should be protected from [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","template":"","meta":{"_eb_attr":"","_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":""},"doc_category":[1838],"doc_tag":[],"class_list":["post-6227","docs","type-docs","status-publish","hentry","doc_category-wordpress"],"year_month":"2026-07","word_count":374,"total_views":0,"reactions":{"happy":0,"normal":0,"sad":0},"author_info":{"name":"w m","author_nicename":"wm","author_url":"https:\/\/truehost.com\/support\/author\/wm\/"},"doc_category_info":[{"term_name":"WordPress","term_url":"https:\/\/truehost.com\/support\/docs-category\/wordpress\/"}],"doc_tag_info":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How to secure Wordpress with .htaccess file -<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/truehost.com\/support\/knowledge-base\/how-to-secure-wordpress-with-htaccess-file\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to secure Wordpress with .htaccess file -\" \/>\n<meta property=\"og:description\" content=\".htaccess file is a very powerful file used for a number of feature implementation on Apache and Litespeed Web Servers. Most of the settings here can be implemented using plugins such as Bullet Proof Security or Wordfence. 1. Protect against external attacks As the .htaccess file is a pwerful file, it should be protected from [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/truehost.com\/support\/knowledge-base\/how-to-secure-wordpress-with-htaccess-file\/\" \/>\n<meta property=\"article:modified_time\" content=\"2024-06-21T08:31:31+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/truehost.com\\\/support\\\/knowledge-base\\\/how-to-secure-wordpress-with-htaccess-file\\\/\",\"url\":\"https:\\\/\\\/truehost.com\\\/support\\\/knowledge-base\\\/how-to-secure-wordpress-with-htaccess-file\\\/\",\"name\":\"How to secure Wordpress with .htaccess file -\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/truehost.com\\\/support\\\/#website\"},\"datePublished\":\"2020-12-21T15:49:57+00:00\",\"dateModified\":\"2024-06-21T08:31:31+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/truehost.com\\\/support\\\/knowledge-base\\\/how-to-secure-wordpress-with-htaccess-file\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/truehost.com\\\/support\\\/knowledge-base\\\/how-to-secure-wordpress-with-htaccess-file\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/truehost.com\\\/support\\\/knowledge-base\\\/how-to-secure-wordpress-with-htaccess-file\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/truehost.com\\\/support\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to secure WordPress with .htaccess file\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/truehost.com\\\/support\\\/#website\",\"url\":\"https:\\\/\\\/truehost.com\\\/support\\\/\",\"name\":\"\",\"description\":\"Help In a Click\",\"publisher\":{\"@id\":\"https:\\\/\\\/truehost.com\\\/support\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/truehost.com\\\/support\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/truehost.com\\\/support\\\/#organization\",\"name\":\"Truehost Kenya\",\"url\":\"https:\\\/\\\/truehost.com\\\/support\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/truehost.com\\\/support\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/truehost.com\\\/support\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/cropped-image_2026-04-16_174808866.png\",\"contentUrl\":\"https:\\\/\\\/truehost.com\\\/support\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/cropped-image_2026-04-16_174808866.png\",\"width\":240,\"height\":48,\"caption\":\"Truehost Kenya\"},\"image\":{\"@id\":\"https:\\\/\\\/truehost.com\\\/support\\\/#\\\/schema\\\/logo\\\/image\\\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to secure Wordpress with .htaccess file -","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/truehost.com\/support\/knowledge-base\/how-to-secure-wordpress-with-htaccess-file\/","og_locale":"en_US","og_type":"article","og_title":"How to secure Wordpress with .htaccess file -","og_description":".htaccess file is a very powerful file used for a number of feature implementation on Apache and Litespeed Web Servers. Most of the settings here can be implemented using plugins such as Bullet Proof Security or Wordfence. 1. Protect against external attacks As the .htaccess file is a pwerful file, it should be protected from [&hellip;]","og_url":"https:\/\/truehost.com\/support\/knowledge-base\/how-to-secure-wordpress-with-htaccess-file\/","article_modified_time":"2024-06-21T08:31:31+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/truehost.com\/support\/knowledge-base\/how-to-secure-wordpress-with-htaccess-file\/","url":"https:\/\/truehost.com\/support\/knowledge-base\/how-to-secure-wordpress-with-htaccess-file\/","name":"How to secure Wordpress with .htaccess file -","isPartOf":{"@id":"https:\/\/truehost.com\/support\/#website"},"datePublished":"2020-12-21T15:49:57+00:00","dateModified":"2024-06-21T08:31:31+00:00","breadcrumb":{"@id":"https:\/\/truehost.com\/support\/knowledge-base\/how-to-secure-wordpress-with-htaccess-file\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/truehost.com\/support\/knowledge-base\/how-to-secure-wordpress-with-htaccess-file\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/truehost.com\/support\/knowledge-base\/how-to-secure-wordpress-with-htaccess-file\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/truehost.com\/support\/"},{"@type":"ListItem","position":2,"name":"How to secure WordPress with .htaccess file"}]},{"@type":"WebSite","@id":"https:\/\/truehost.com\/support\/#website","url":"https:\/\/truehost.com\/support\/","name":"","description":"Help In a Click","publisher":{"@id":"https:\/\/truehost.com\/support\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/truehost.com\/support\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/truehost.com\/support\/#organization","name":"Truehost Kenya","url":"https:\/\/truehost.com\/support\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/truehost.com\/support\/#\/schema\/logo\/image\/","url":"https:\/\/truehost.com\/support\/wp-content\/uploads\/2026\/04\/cropped-image_2026-04-16_174808866.png","contentUrl":"https:\/\/truehost.com\/support\/wp-content\/uploads\/2026\/04\/cropped-image_2026-04-16_174808866.png","width":240,"height":48,"caption":"Truehost Kenya"},"image":{"@id":"https:\/\/truehost.com\/support\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/truehost.com\/support\/wp-json\/wp\/v2\/docs\/6227","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/truehost.com\/support\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/truehost.com\/support\/wp-json\/wp\/v2\/types\/docs"}],"author":[{"embeddable":true,"href":"https:\/\/truehost.com\/support\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/truehost.com\/support\/wp-json\/wp\/v2\/comments?post=6227"}],"version-history":[{"count":1,"href":"https:\/\/truehost.com\/support\/wp-json\/wp\/v2\/docs\/6227\/revisions"}],"predecessor-version":[{"id":6228,"href":"https:\/\/truehost.com\/support\/wp-json\/wp\/v2\/docs\/6227\/revisions\/6228"}],"wp:attachment":[{"href":"https:\/\/truehost.com\/support\/wp-json\/wp\/v2\/media?parent=6227"}],"wp:term":[{"taxonomy":"doc_category","embeddable":true,"href":"https:\/\/truehost.com\/support\/wp-json\/wp\/v2\/doc_category?post=6227"},{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/truehost.com\/support\/wp-json\/wp\/v2\/doc_tag?post=6227"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}