Securing WordPress Backend

Many WordPress users first come across the .htaccess file when fixing their permalinks. However, you can do so much more with it.

The .htaccess file is a powerful configuration file that allows you to improve your site’s security and performance.

Below, we’ve listed just a few very useful .htaccess tricks.

Securing WP-Includes

# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
# Any path outside wp-includes/ skips the next three rules.
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

# BEGIN WordPress
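
To see which requests the rules above reject, the following added example (not part of the original article) models the five RewriteRules in Python and runs constructed request paths through them, including the [S=3] skip. The function name and the sample paths are assumptions made for illustration.

```python
import re

# The five RewriteRules from the block above, in order: (pattern, negated, action).
# "F" models [F,L] (403, stop); ("S", n) models [S=n] (skip the next n rules).
RULES = [
    (r"^wp-admin/includes/", False, "F"),
    (r"^wp-includes/", True, ("S", 3)),
    (r"^wp-includes/[^/]+\.php$", False, "F"),
    (r"^wp-includes/js/tinymce/langs/.+\.php", False, "F"),
    (r"^wp-includes/theme-compat/", False, "F"),
]

def evaluate(url_path):
    """Return 403 if the rule chain forbids the path, else None (request continues)."""
    # In .htaccess context mod_rewrite matches the path without the leading
    # slash and without the query string.
    path = url_path.split("?", 1)[0].lstrip("/")
    i = 0
    while i < len(RULES):
        pattern, negated, action = RULES[i]
        matched = bool(re.search(pattern, path)) != negated
        if matched and action == "F":
            return 403
        if matched:
            i += action[1]  # [S=n]: jump over the next n rules
        i += 1
    return None

# Constructed request paths (hypothetical, for illustration only).
SAMPLES = [
    "/wp-admin/includes/file.php",
    "/wp-includes/version.php",
    "/wp-includes/theme-compat/header.php",
    "/wp-includes/js/jquery/jquery.js",   # static asset: must stay reachable
    "/wp-includes/ms-files.php",          # top-level PHP: blocked, which breaks old
                                          # Multisite setups that serve uploads through it
    "/wp-login.php",                      # outside wp-includes/: [S=3] skips the rest
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{evaluate(p) or 'pass':>4}  {p}")
```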

Securing wp-config.php

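<Files wp-config.php>
# Apache 2.2 syntax; Apache 2.4 without mod_access_compat uses "Require all denied" instead.
order allow,deny
deny from all
</Files>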

Securing .htaccess

<Files .htaccess>
order allow,deny
deny from all
</Files>


Prevent Directory Browsing

# Remove only Indexes. Apache 2.4 rejects mixing a bare option such as All with +/- options.
Options -Indexes


That’s it. Pretty simple, yeah?

Editing your .htaccess file or creating new ones for sub-directories can boost security on your site. Still, it’s best to use the tips above to complement other security measures you have in place for your site.
