How to secure WordPress Plugins Files using .htaccess file

There are many ways to secure a WordPress website, and the .htaccess file can play a very important role in website security, which I will discuss in this post. WordPress is one of the most popular CMSs, with over 35% of websites on the internet built on it at the time of writing this post. There are other CMSs such as Squarespace, Joomla and Drupal, but they are used by fewer sites. WordPress is far ahead of its competitors. Previously, WordPress was used to create a blog or website, but the WordPress core code has changed a lot, and with the massive ecosystem of plugins and themes you can now create any type of website with WordPress.

Because WordPress is the more popular CMS, it is the main target for hackers. According to Sucuri, WordPress accounted for 90 per cent of all hacked CMS sites in 2018. WordPress itself is very secure by default; most security breaches occur due to the use of themes and plugins from unauthorized sources. On the WordPress platform, website security hardening means securing a website by reducing its surface of vulnerability. Heavier use of themes and plugins, and exposing directory listings or the WordPress version, provide potential entry points for a hacker.

Sucuri experts blamed most of the hacks on vulnerabilities in plugins and themes, misconfiguration issues, and a lack of maintenance by webmasters, who often forgot to update their CMS, themes, and plugins.

Overview of htaccess File-:

When we install WordPress, we actually download a group of files known as WordPress core files, which become the admin interface of our website. WordPress core files make up the appearance and functionality of the WordPress platform, and content files are added by the user in the form of themes, plugins, and images. The wp-config file is of great importance because it tells WordPress where to find your site’s database.

.htaccess is a configuration file for use on web servers running the Apache Web Server software. When a .htaccess file is placed in a directory which is in turn ‘loaded via the Apache Web Server’, then the .htaccess file is detected and executed by the Apache Web Server software. These .htaccess files can be used to alter the configuration of the Apache Web Server software to enable/disable additional functionality and features that the Apache Web Server software has to offer.

If your website is hosted on an Nginx server, you will not have a .htaccess file. In Nginx, you will use the try_files directive to accomplish the same thing. By default, the configuration file is named nginx.conf and placed in the directory /usr/local/nginx/conf, /etc/nginx or /usr/local/etc/nginx.

How to Secure WordPress Plugin Files using .htaccess file-:

Plugins add incredible functionality to your website. But, they can also leave your website vulnerable to attackers. These can give direct access to unauthorized users and can challenge your website security. But these add awesome features to your site, so it is not wise to stop using them. Rather you can add this code to prevent anyone from having direct access to your plugin files:

# Allow direct requests for plugin .js and .css files
<Files ~ "\.(js|css)$">
order allow,deny
allow from all
</Files>
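
On its own, the block above only grants access to .js and .css files and denies nothing, so it needs a default-deny rule around it to restrict direct access. The following is an added example, not code from the original post: a .htaccess for the plugins directory that refuses direct requests by default and allows only static assets. The file location, the extension list and the use of IfModule to cover both Apache versions are assumptions.

```apache
# wp-content/plugins/.htaccess
# Added example; the path assumes a default WordPress directory layout.
# The server config must permit these directives in .htaccess
# (AllowOverride AuthConfig for Require, AllowOverride Limit for Order/Allow/Deny).

# --- Apache 2.4+: mod_authz_core syntax ---
<IfModule mod_authz_core.c>
    # Default: refuse every direct request under plugins/, including *.php
    Require all denied

    # Static assets the browser has to fetch directly.
    # The extension list is an assumption; trim or extend it to match
    # what your plugins actually serve.
    <FilesMatch "\.(js|css|png|jpe?g|gif|svg|woff2?)$">
        Require all granted
    </FilesMatch>
</IfModule>

# --- Apache 2.2: the Order/Allow/Deny syntax used in the post ---
<IfModule !mod_authz_core.c>
    # Default: refuse every direct request under plugins/
    Order deny,allow
    Deny from all

    # Same static-asset allowlist as above
    <FilesMatch "\.(js|css|png|jpe?g|gif|svg|woff2?)$">
        Order allow,deny
        Allow from all
    </FilesMatch>
</IfModule>
```

With this in place, a direct request for a plugin's .php file should return 403 while its scripts and stylesheets still load. WordPress loads plugin code through its own entry points, but a plugin that exposes its own PHP endpoint will need a specific exception.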

Conclusion-: Manual security configuration is far better than depending upon a WordPress security plugin. You can give your comments in the comment section.

About Amar Patel 263 Articles
Hi, I am Amar Patel from India. Founder, Author and Administrator of I am a Simple Average Man who Loves life and Loves living life. Professionally I am a Mechanical Engineer. Apart from my Job, I Love to write about the things around WordPress CMS.