.htaccess security tips: Prevent website from Hacking


.htaccess security tips Prevent website from Hacking

Today we are going to see about the security tips available for .htaccess file to prevent your Website from Hacking. Before moving with the tips let me give a small note about the .htaccess file. A .htaccess file is a powerful tool for managing your server and this controls the high-level configuration of your Website. Ok, now let me show you few tips to secure your Website.


  • Before changing anything in the .htaccess file, make a backup copy of this file and save it on your PC. If anything happens after modifying the file, you can delete it and add the backup file later.
  • Take the backup of the whole website.
  • Unhide the .htaccess file before starting this process or if you don’t have a .htaccess file create one and save the following process.

1. Limit access for files in .htaccess

To secure the WordPress websites, first, restrict the wp-login.php and wp-admin directories. First, let us see “How to limit access to Specific file”;

  • Go to CPanel -> File manager -> Settings.
  • Then select Show Hidden Files (dotfiles) and hit on OK to confirm.
  • Now you could see the hidden files. From that right-click on the .htaccess file and choose Edit.
  • Scroll down to the end of the text and type the following code.
<Files <Type a File Name>.php>

Order allow, deny

Deny from all

Allow from (Enter your IP address.

  • This stops accessing the specific file of your Website.

Next, let us see “How to limit access to a whole directory”.

Order allow, deny

Deny from all

Allow from <Enter your IP address>

This stops the access for the whole directory.

2. Prevent Directory Browsing in .htaccess

Don’t let others browse on our directory. The hosting provider sets this as a default setting on your CPanel. If in case it is not, you can add the following command to your .htaccess file to stop browsing the directories through a web browser.

Options All- Indexes

3. Prevent Hotlinking in .htaccess

Hotlinking is not a serious thing, but if someone is using hotlinking on your website the server will lose the bandwidth. The following code will stop other websites displaying images hosted on your site.

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$ 
RewriteCond %{HTTP_REFERER} !^http://(www.)?yourhosting.com/.*$ [NC] 
RewriteRule .(jpeg|JPEG|jpe|JPE|jpg|JPG|gif|GIF|png|PNG)$ https://www.yourhosting.com/no-hotlinking.png%20[R,L]

4. Enable HSTS  in .htaccess

If the HSTS (HTTP Strict Transport Security) is enabled on your server then the web browsers will access only over the valid https connection.

Header set Strict-Transport-Security "max-age=31536000" env=HTTPS

I hope these tips will make your website protective.