.htaccess Rules to Harden Your Website's Security

Below is a list of important rules that you can add to your .htaccess file to harden security by greatly limiting your website's exposure to many types of attacks.
These rules include basic redirects, blocking outside access to particular files, and more advanced functions such as preventing image hotlinking.
Add the following snippet to your /public_html/.htaccess file and modify it where necessary.

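# Disable the server signature (the version footer that Apache adds to
# server-generated pages such as error documents and directory listings)
ServerSignature Off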

# Disable unauthorized directory browsing
# (Apache 2.4 rejects "Options All -Indexes": options with and without +/- cannot be mixed)
Options -Indexes

# Block access to multiple file types
# Apache < 2.4
<IfModule !mod_authz_core.c>
 <FilesMatch "\.(htaccess|htpasswd|ini|log|sh)$">
  Order deny,allow
  Deny from all
 </FilesMatch>
</IfModule>
# Apache >= 2.4
<IfModule mod_authz_core.c>
 <FilesMatch "\.(htaccess|htpasswd|ini|log|sh)$">
  <RequireAll>
   Require all denied
  </RequireAll>
 </FilesMatch>
</IfModule>

# Protect your wp-config.php file
# Apache < 2.4
<IfModule !mod_authz_core.c>
 <Files wp-config.php>
  Order deny,allow
  Deny from all
 </Files>
</IfModule>
# Apache >= 2.4
<IfModule mod_authz_core.c>
 <Files wp-config.php>
  <RequireAll>
   Require all denied
  </RequireAll>
 </Files>
</IfModule>

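# Prevent image hotlinking. Replace yourdomain.com with your domain name
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourdomain\.com/.*$ [NC]
# Do not rewrite the replacement image itself, or the redirect loops
RewriteCond %{REQUEST_URI} !/hotlink\.gif$ [NC]
RewriteRule \.(gif|jpg|swf|flv|png)$ http://www.yourdomain.com/hotlink.gif [NC,R,L]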
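
To confirm the rules are live after uploading the file, request the protected paths and compare the status codes. The script below is an added example, not part of the original article; BASE_URL, the sample paths and the function names are assumptions, and curl must be installed.

```shell
#!/bin/sh
# Added example: checks that the .htaccess rules above are being enforced.
# BASE_URL, the sample paths and the function names are assumptions.

# Print the HTTP status for a path, optionally sending a Referer header.
status_of() {  # $1 = path, $2 = referer (optional)
  if [ -n "${2:-}" ]; then
    curl -s -o /dev/null -w '%{http_code}' -e "$2" "$BASE_URL$1"
  else
    curl -s -o /dev/null -w '%{http_code}' "$BASE_URL$1"
  fi
}

# Compare one response with the status the rules should produce.
expect() {  # $1 = expected status, $2 = path, $3 = referer (optional)
  got=$(status_of "$2" "${3:-}")
  if [ "$got" = "$1" ]; then
    echo "ok    $2 -> $got"
  else
    echo "FAIL  $2 -> $got (expected $1)"
    return 1
  fi
}

verify_htaccess() {
  rc=0
  # Names matched by the FilesMatch and wp-config.php blocks must return 403.
  for p in /.htaccess /.htpasswd /php.ini /error.log /deploy.sh /wp-config.php; do
    expect 403 "$p" || rc=1
  done
  # A directory with no index file must return 403, not a listing.
  expect 403 /wp-content/uploads/ || rc=1
  # An image requested with a foreign Referer is redirected (302) ...
  expect 302 /images/logo.png "http://other.example/page" || rc=1
  # ... but loads with the site's own Referer or with none at all.
  expect 200 /images/logo.png "$BASE_URL/" || rc=1
  expect 200 /images/logo.png || rc=1
  return $rc
}

# Runs only when a target is supplied, e.g.
#   BASE_URL=http://www.yourdomain.com sh check_htaccess.sh
if [ -n "${BASE_URL:-}" ]; then
  verify_htaccess
fi
```

A FAIL on the last two image checks for a site served over HTTPS means the Referer condition does not accept https:// and the site's own pages are being treated as hotlinkers.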
