Protecting WordPress With Htaccess

WordPress has become the topmost CMS in the virtual world, pushing its competitors Drupal and Joomla somewhere far behind. However, with great popularity there comes great risk! There are so many spammers, hackers and bad people in and around the internet sphere trying to attack WordPress site in the best possible way.  This is the reason why you should take some efficient steps to keep your WordPress site always protected from potential threats. One of the best ways and probably the simplest way is to strengthen the security of your WordPress website is altering the .htaccess file.

wordpress security

What is .htaccess?

Hypertext Access, shortly called as .htaccess, is a configuration file in your WordPress site directory. By making right additions or alteration to the .htaccess files, you can keep your WordPress site safe and protected from various threats. Now let us see some ways of protecting WordPress with the use of .htaccess.


One of the best ways to protect your WordPress is by restricting the use of .htaccess only to authorized personnel. This can protect the file and make sure that no one is misusing the same.

Rewrite URLs

Another good way of protecting your WordPress site from getting into a Page Not Found page is to keep rewriting the URLs. Due to some reason or the other, we intend to change the name of our website or blog. There should not be any confusion when an old visitor is trying to revisit the page. The old URL should be linked to the new one so that you do not lose potential customers. The best possible way to redirect an address to another is by using the .htaccess file. Constantly changing the URL is also one way of protecting the WordPress site from potential dangers.


The directories of your WordPress site are very important to keep the whole site intact. Hence, you may not want your visitors to keep checking into the directories. With the .htaccess configuration file, one can control the directory views and this can ensure that not all the visitors can look into the directories.

Protecting wp-config.php

wp-config.php file is one of the important files found within your WordPress installation. It contains and stores crucial information of your site such as database information and security keys. This information is very critical and you should hide it from spammers to avoid damage to your WordPress site. You can do this by editing in your .htaccess files and prevent access to your wp-config.php file.

Blocking Threatening IP Address

If you have found a particular IP address attempting to log into your admin page to attack your WordPress site, then you can block that IP address or person by using your .htaccess file.

Blocking Entry to wp-content

The WordPress content folder, within WordPress install, is an important folder that contains themes, images and other sensitive details. So, it is good to block this folder from access by other people. To do this, you must add a .htaccess file to the wp-content folder. It permits the users to view CSS, images, etc,but blocks the crucial PHP files.

By editing .htaccess files, you can boost the security of your WordPress site. Making editing is very simple; however, you should do it with proper attention to avoid big errors that if not noticed, can even break your entire site.