Many WordPress users know the .htaccess file from fixing permalinks or make 301 redirects from old to new pages. But you can do more with your .htaccess file! With the .htacess file you can improve your site’s performance and security. In this article we’ll give you some nice .htaccess tricks to make WordPress more secure.

Before you start

Before you’re going to make changes, you need to backup your current .htaccess file. If something goes wrong, you can always restore the old file.

You need an FTP client to edit your .htaccess file. If you don’t see the .htaccess file right away, it’s probably hidden. Make sure you’re FTP client see also the hidden files.

1. Disable directory browsing in WordPress

We recommend disabling directory browsing. On many shared hosting this is already done for you by your hosting company, but you just want to make sure you can add the following code to your .htaccess file.

What is “Directory browsing” and why do I need to disable it?

With direcotry browsing enabled hackers can look into your site’s directory and file structory to find a file which they can hack. You can disable directory browsing by adding the next line to your .htaccess file:

Options -Indexes

2. Protect your WP-config.php

Your wp-config.php, located in the website’s root directory, is your WordPress configuration file and very important! It contains information about your WordPress installation, database and sometimes FTP details. You can easily protect your wp-config.php from unauthorized access, put the following code in your .htaccess file:

<files wp-config.php>

order allow, deny

deny from all

</files>

3. Protect your .htaccess file

You can also protect your .htaccess file from unauthorized access. You can add the following code to your .htaccess file to make it more secure.

<files ~ "^.*\.([Hh][Tt][Aa])">

order allow,deny

deny from all

satisfy all

</files>

We hope you like our .htaccess tips and tricks for WordPress. If you have questions, just leave a comment to this post 😉