In this article we will talk about apache settings using the htaccess file. What is a .htacces file and what is it for you can read on my website in the article "What is .htaccess?". Next, we will look at how to use htaccess to close the admin panel, protect the admin panel with an additional password, disable directory browsing, disable the execution of php scripts in some directories, protect the wp-config file.php, configure redirects, prohibit suspicious IP addresses, increase the size of WordPress files downloads. If you're interested, read on.
And the first thing we will do is to close access to the admin panel.
Close access to the admin panel using .htaccess
In order to close access to the WordPRess admin panel and leave access only for dedicated IPs just paste the following code into your .htaccess:
<LIMIT GET> order deny,allow deny from all allow from 192.168.1.1 </LIMIT>
Where 192.168.1.1 change to your own.
HTTP-authorization in the WordPress admin panel
We can additionally close the admin panel with a password using htaccess. To do this, we need to generate a .htpasswd file. Then upload this file to the server and .htaccess add the following code:
AuthType Basic AuthName "Input username and password" AuthUserFile <the path to the file .htpasswd> Require valid-user
You can read more about this in the article "HTTP Basic Authentication or HTTP Authorization»
Disable directory browsing
In order to disable viewing of files in the directory, you need to add the following line to the .htaccess.
Disabling the execution of PHP scripts in some directories
In order to disable the execution of php scripts in the directory, create an .htaccess file in it and place the following code in this file:
<Files *.php> deny from all </Files>
Securing the wp-config file.php
To protect the wp-config file.php from unauthorized access, add the following code to .htaccess
<files wp-config.php> order allow,deny deny from all </files>
Set up 301 redirects
Sometimes it is necessary to transfer the content to another url, for example, our site has moved to https. In order to correctly and quickly make a redirect 301 you need to add the following code to .htaccess:
Redirect 301 /<old address>/ <new address>
Prohibition of suspicious IP addresses
In order to deny access from some IP addresses, you need to add the following code to .htaccess:
<Limit GET POST> order allow,deny deny from 192.168.1.1 allow from all </Limi>
Where 192.168.1.1 change to the necessary IP address that we want to block.
Increase the size of file downloads
In order to allow downloading files larger than configured in apache, you need to add the following code to .htaccess:
php_value upload_max_filesize 64M php_value post_max_size 64M php_value max_execution_time 300 php_value max_input_time 300
But for users with shared hosting, some methods may not work.
We've covered a few useful ways to configure apache using .htaccess. These methods can be used not only for sites managed by WordPress, but also for sites managed by various CMS.