Useful .htaccess Tricks for WordPress

Disable Directory Browsing in WordPress

Many WordPress security experts recommend disabling directory browsing. With directory browsing enabled, hackers can look into your site’s directory and file structure to find a vulnerable file. Learn more about why and how to disable directory browsing in WordPress.

To disable directory browsing in WordPress all you need to do is add this single line in your .htaccess file:


Options -Indexes

Disable PHP Execution in Some WordPress Directories

Sometimes hacked WordPress sites usually have backdoor files. These backdoor files are often disguised as core WordPress files and are placed in /wp-includes/ or /wp-content/uploads/ folders. An easier way to improve your WordPress security is by disabling PHP execution for some WordPress directories.

Create a blank .htaccess file and paste this code inside it:


deny from all

Now upload this file to your /wp-content/uploads/ and /wp-includes/ directories. For more information check out this tutorial on how to disable PHP execution in certain WordPress directories.


Protect Your WordPress Configuration wp-config.php File

Probably the most important file in your WordPress website’s root directory is wp-config.php file. It contains information about your WordPress database and how to connect to it. To protect your wp-config.php file from unathorized access, simply add this code to your .htaccess file:


order allow,deny
deny from all

Een vrijblijvende offerte

Offerteaanvraag, nieuwsgierig of gewoon zin om eens te komen babbelen bij een heerlijk kopje koffie? Contacteer ons voor een vrijblijvende afspraak.

Vrijblijvende offerte