htaccess – Brecht Ryckaert

In this article I’ll share some of the security tweaks I tend to add to the .htaccess to improve security of the WordPress-installation.

Hide the wp-config.php file

Since the wp-config.php file contains our database credentials, we do not want this file to be accessible, PERIOD. So by adding this snippet to our .htaccess file we can prevent access to it:

#hide wp-config file
<files wp-config.php>
order allow,deny
deny from all
</files>

This rule will prevent that the wp-config.php is accessible.

Hide the .htaccess file itself

Preventing abuse by adding rules to our .htaccess is only useful if the .htaccess can’t be compromised itself.

Tag: htaccess

Improving WordPress security with the .htaccess