Knowing your .htaccess file is vital, because with it you can do tons of stuff to your WordPress blog. If you have a habit of trying out new plugins, installing them, removing them, etc., you also have to be aware that a .htaccess file corrupted by plugins and other things can bring your site down. Knowing what to do and how to fix the .htaccess file can save a lot of face rolling and hair pulling.
Let’s start with your default WordPress .htaccess file
FTP Client with a text editor – by default the files are hidden, so set your FTP client to show hidden files. I use Filezilla and have it set so that every time I right-click on the .htaccess file, it downloads the file and opens it in Notepad++. After doing my modifications and saving it, Filezilla will prompt you to either discard the local file and/or finish editing.
WordPress Plugin – WP Htaccess Editor – I haven’t tried this but this is probably what I’m going to install next, if I’m planning more .htaccess mods.
Finding the location of the .htaccess file
The .htaccess file for WordPress should be in the folder where you installed WordPress: in the root folder if you installed WordPress in the root directory, or in a subfolder if you installed WordPress in a subfolder (/wp, /blog, /other, etc.).
Cracking down on spam: I left this blog alone for quite some time, due to my recent attack where my blogs were defaced and my cPanel details got compromised, so we had to start from a backup that wasn’t compromised. We loaded a backup I had saved on my computer, which was dated Feb 1st. I lost a couple of posts/articles, all thanks to those hackers and spammers.
There’s no guarantee that I can stop spam 100%, but these countermeasures should give me a fighting chance: a spambot would be stopped immediately by them. A human spammer may still be able to get through my defenses, but I’m not going to give up without a fight.
I also modified my .htaccess for protection, as well as my wp-config.php and /wp-content.
Securing your .htaccess – the .htaccess is one of the most important files on your website, so protecting it is naturally one of the most vital things to do. With this simple code you can stop hackers from accessing your .htaccess file.
<files ~ "^.*\.([Hh][Tt][Aa])">
deny from all
</files>
WP-Config.php – If you’re running WordPress like me, then the next important file is wp-config.php, because this config file contains the login information and other useful bits of info. For more detailed info: Hardening WordPress
<files wp-config.php>
deny from all
</files>
Protect the /wp-content folder – The wp-content folder/directory is another important area in your WordPress website. Why? This is where your themes, plugins, images, videos, and cached files are located, so securing this folder is also a priority. It is also a main target of hackers: having access to this folder means they can upload a script to suit their purpose. For this to work, create a new .htaccess inside your /wp-content directory/folder. I got the inspiration from a post on Creative Bloq – Protect WordPress sites with .htaccess
Deny from all
# The dot is escaped so it matches a literal "." before the extension
<Files ~ "\.(xml|css|jpe?g|png|gif|js)$">
Allow from all
</Files>
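An added example (not from the original post or from Creative Bloq): a small Python model of the /wp-content rules above that reports which file names the allowlist would serve, comparing an unescaped leading dot in the pattern with the escaped `\.`. The file names are constructed, and the matching is a simplified assumption of how Apache applies `<Files ~>` to the file name only.

```python
import re

# Constructed sample: the /wp-content/.htaccess rules from this post,
# once with the leading dot unescaped and once with it escaped.
LOOSE = '''Deny from all
<Files ~ ".(xml|css|jpe?g|png|gif|js)$">
Allow from all
</Files>
'''
STRICT = LOOSE.replace('".(', '"\\.(')

FILES_OPEN = re.compile(r'<Files\s+~\s+"(.+)">', re.I)

def parse(htaccess):
    """Return (deny_by_default, [allow regexes]) for this simple rule shape."""
    deny_default, allow, current = False, [], None
    for raw in htaccess.splitlines():
        line = raw.strip()
        m = FILES_OPEN.fullmatch(line)
        if m:
            current = re.compile(m.group(1))
        elif line.lower() == "</files>":
            current = None
        elif line.lower() == "deny from all" and current is None:
            deny_default = True
        elif line.lower() == "allow from all" and current is not None:
            allow.append(current)
    return deny_default, allow

def is_served(htaccess, path):
    """Simplified model (assumption): <Files> matches the file name only."""
    deny_default, allow = parse(htaccess)
    name = path.rsplit("/", 1)[-1]
    if any(rx.search(name) for rx in allow):
        return True
    return not deny_default

def audit(htaccess, paths):
    """Map each path to True (served) or False (denied)."""
    return {p: is_served(htaccess, p) for p in paths}

# Constructed file names standing in for a wp-content tree.
SAMPLE = ["themes/x/style.css", "uploads/photo.jpeg", "plugins/a/a.php",
          "uploads/readme.txt", "uploads/notes_js"]

if __name__ == "__main__":
    for label, rules in (("unescaped", LOOSE), ("escaped", STRICT)):
        print(label, audit(rules, SAMPLE))
```

Both versions deny the .php and .txt files; only the escaped pattern also denies `notes_js`, a name that merely ends in the letters "js".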