The .htaccess file is a configuration file that allows you to control files and folders in the current directory and all sub-directories. This file is probably one of the most important configuration tools you could use to adjust the server settings to your needs. In fact, there is much more to .htaccess than permalinks, and its strongest side is probably its capacity to secure your website and protect it from hackers, spammers, and other unauthorized visitors.

The following tips and tricks will help you speed up your WordPress blogs, secure them, and allow you to easily customize your site in various ways.

Protect wp-config.php

wp-config.php is one of the most important files of your WordPress website, as it is the configuration file and includes many important settings. It is therefore advisable to disable access to it.

<files wp-config.php>
order allow,deny
deny from all
</files>

Restrict admin area access 

You can use .htaccess to protect your WordPress admin area by limiting access to selected IP addresses only.

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "WordPress Admin Access Control"
AuthType Basic
order deny,allow
deny from all
# whitelist Syed's IP address
allow from xx.xx.xx.xxx
# whitelist David's IP address
allow from xx.xx.xx.xxx

Simply copy and paste this code into your .htaccess file and replace the xx values with your own IP address.

Ban IP Addresses 

If you know the IP address of a malicious party, you can completely ban them from your website using the snippet below. All it takes is to open the .htaccess file and to add the following code:

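<Limit GET POST>
order allow,deny
# xx.xx.xx.xxx is a placeholder: put one address to ban on each line
deny from xx.xx.xx.xxx
deny from xx.xx.xx.xxx
allow from all
</Limit>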

Disable Directory Browsing

With directory browsing enabled, hackers can look into your site’s directory and file structure to find a vulnerable file. To disable browsing of your directories, simply add this small piece of code to your .htaccess file:

Options -Indexes

Redirect a URL 

There are times when you change your domain, or move your website to a new location. This is when you need to notify search engines about the move and redirect pages or URLs. To redirect a location, all you need to do is add a line with Redirect 301, followed by the old location and then the new location.

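# www.example.com is a placeholder for your own new location
Redirect 301 /oldpage.html http://www.example.com/newpage.html
Redirect 301 /oldfolder/page2.html /folder3/page7.html
Redirect 301 / http://www.example.com/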

Disable Hotlinking

Hotlinking basically means allowing someone to share the images of your website through linking to the image URL. Hotlinking can have a negative effect on your website. In addition to slowing your website down, it can also significantly increase your bandwidth costs with your hosting company.

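RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
# example.com and example.net are placeholders for the sites allowed to embed your images
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?example\.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?example\.net [NC]
# placeholder URL: a replacement image hosted outside this site
RewriteRule \.(jpg|jpeg|png|gif)$ http://example.org/replacement.png [NC,R,L]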

Protect .htaccess From Unauthorized Access

Due to how much control .htaccess has over your whole website, it is important to protect the file from unauthorized users. Simply add the following code to your .htaccess file:

<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>
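
A check to run before uploading an .htaccess file: a syntax error in it (an unclosed <Files> or <Limit> section, an allow from or deny from line with no address) makes Apache answer requests in that directory with a 500 error, and a missing rule leaves the file it was meant to cover unprotected. This is an added example, not code from the original article; audit_htaccess, REQUIRED and the sample file are constructed here, and the three presence checks only recognise the snippet forms shown on this page.

```python
import re

# (finding message, regex proving the hardening rule is present)
REQUIRED = [
    ("wp-config.php is not protected", r'(?im)^\s*<files\s+"?wp-config\.php"?\s*>'),
    ("directory browsing is not disabled", r"(?im)^\s*options\b.*-indexes\b"),
    ("no <Files> rule covers .ht* files",
     r"(?im)^\s*<files(match)?\b[^>]*(\[Hh\]\[Tt\]|\.ht(?!ml?))"),
]

def audit_htaccess(text):
    """Return (line_no, message) findings; line_no 0 means file-wide."""
    findings, stack = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag = re.match(r"<(/?)(\w+)", line)
        if tag:  # section container such as <Files> or <Limit>
            name = tag.group(2).lower()
            if not tag.group(1):
                stack.append((no, name))
            elif stack and stack[-1][1] == name:
                stack.pop()
            else:
                findings.append((no, f"</{name}> has no matching opening tag"))
            continue
        words = line.split()
        # "allow from" / "deny from" need at least one host or address
        if words[0].lower() in ("allow", "deny") and len(words) < 3:
            findings.append((no, f"'{line}' names no address"))
    findings += [(no, f"<{name}> is never closed") for no, name in stack]
    findings += [(0, msg) for msg, rx in REQUIRED if not re.search(rx, text)]
    return findings

# Constructed sample input, not taken from a real site.
SAMPLE_BROKEN = """<files wp-config.php>
order allow,deny
deny from all
<Limit GET POST>
order allow,deny
deny from
allow from all
</Limit>
"""

if __name__ == "__main__":
    for line_no, message in audit_htaccess(SAMPLE_BROKEN):
        print(f"line {line_no}: {message}")
```
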

We hope this article helped you learn some useful .htaccess tips & tricks for WordPress.