Best .htaccess Snippets to Improve WordPress Security




Geniuswp show

Summary: Security
Last updated on: January 30, 2021

WordPress security is one of the most underestimated factors among novice bloggers. An unsupervised WordPress installation leaves quite a few potential vulnerabilities unattended. Most WordPress installation tutorials explain a quick and easy way to deploy WordPress in minutes, but they leave out a few important security factors. For example, directory browsing and using the ‘admin’ username are considered serious security loopholes. Today we’re going to take a look at 10 .htaccess code snippets which will help improve your WordPress blog’s security. Before we get started, let’s take a quick look at what the .htaccess file is.

What is the .htaccess file?

An .htaccess file is an optional, per-directory configuration file that the Apache web server reads. You can store various settings in it, such as password protecting a directory, blocking IPs, or blocking a file or folder from public access. Traditionally, the .htaccess file is present in the base WordPress installation directory. It stores the permalink structure by default.

TIP: Before you start with the tutorial, make sure to back up the current .htaccess file (if present) to a cloud storage service like Dropbox. This lets you roll back to the last known working .htaccess file if a certain code snippet breaks your site. Let’s begin.

1. Block Bad Bots

One of the best uses of the .htaccess file is its ability to deny multiple IP addresses access to your site. This is useful when blocking known spammers and other origins of suspicious or malicious access. The code is:

# Block one or more IP addresses.
# Replace IP_ADDRESS_* with the IP you want to block
order allow,deny
deny from IP_ADDRESS_1
deny from IP_ADDRESS_2
allow from all

Where IP_ADDRESS_1 is the first IP you want to prevent from accessing your site. You can add as many IPs as you want. No matter what user agents (browsers) these IP addresses use, they won’t be able to access a single file from your server. The webserver will automatically deny all access.

2. Disable Directory Browsing

This is one of the most underestimated security flaws in a WordPress site. By default, the Apache webserver enables directory browsing. This means that all files and folders inside the root directory (sometimes called the home directory) of the webserver can be listed and accessed by a visitor. You do not want that, because you don’t want people browsing through your media uploads or your theme or plugin files.

If at random I pick 10 personal or business websites running WordPress, 6-8 of them won’t have directory browsing disabled. This allows anyone to e...
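The two measures described in sections 1 and 2, written so the same .htaccess works on both Apache 2.4 (`Require`) and Apache 2.2 (`Order`/`Deny`). This is an added example, not code from the original article; the addresses are constructed placeholders from the documentation ranges, and `Options -Indexes` assumes the host allows `Options` overrides in .htaccess.

```apache
# --- Section 1: deny specific client addresses ---------------------------
# 192.0.2.10 and 198.51.100.0/24 are placeholder values (documentation
# ranges); replace them with the addresses or CIDR ranges you want to block.

# Apache 2.4+: access control is handled by mod_authz_core.
<IfModule mod_authz_core.c>
    <RequireAll>
        # Everyone is allowed ...
        Require all granted
        # ... except the listed address and the listed range.
        Require not ip 192.0.2.10
        Require not ip 198.51.100.0/24
    </RequireAll>
</IfModule>

# Apache 2.2: same policy in the older Order/Deny/Allow syntax.
# Kept in a separate block so the old and new directives are never
# evaluated together on one server.
<IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from 192.0.2.10
    Deny from 198.51.100.0/24
    Allow from all
</IfModule>

# --- Section 2: disable directory browsing -------------------------------
# Turns off automatic file listings for directories that have no index
# file, so a request for such a directory returns 403 instead of a listing.
Options -Indexes
```

After uploading the file, request a directory that has no index file, such as the uploads folder, and confirm the server answers 403 Forbidden rather than a file listing.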