HostOnNet Blog


Securing WordPress With .htaccess

To secure wordpress using .htacess add following to your main .htaccess file that is in root folder of your wordpress installation.

<Files xmlrpc.php>
order deny,allow
deny from all
allow from YOUR_IP_ADDR_HERE
</Files>

<Files wp-login.php>
order deny,allow
deny from all
allow from YOUR_IP_ADDR_HERE
</Files>

To limit access to wp-admin folder, create an .htaccess file in wp-admin folder

vi wp-admin/.htaccess

Add following content

order deny,allow
deny from all
allow from YOUR_IP_ADDR_HERE

To disable execution of PHP files from uploads folder, create file wp-content/uploads/.htaccess

vi wp-content/uploads/.htaccess

Add following content

<Files *.php>
deny from all
</Files>

Posted in Wordpress