WordPress Default .htaccess file

Knowing your .htaccess file is vital, because you can do a great deal to your WordPress blog with it. If you have a habit of trying out new plugins, installing them, removing them, etc., be aware that plugins and other changes can corrupt the .htaccess file, and a corrupted .htaccess file can bring your site down. Knowing what to do and how to fix the .htaccess file can save a lot of face rolling and hair pulling.

 

Let’s start with your default WordPress .htaccess file

Root

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /blog/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /blog/index.php [L]
</IfModule>
# END WordPress

Subfolder

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /subdirectory/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /subdirectory/index.php [L]
</IfModule>
# END WordPress

Before modifying your .htaccess, always make a backup copy, so that if you ever mess up you can load a fresh copy and start again.

To start modifying your .htaccess, you need to locate the file with one of these tools:

  1. cPanel's File Manager (inline code editor)
  2. FTP client with a text editor – by default the files are hidden, so set your FTP client to show hidden files. I use Filezilla and have it set so that every time I right-click on the .htaccess file it downloads the file and opens it in Notepad++. After doing my modifications and saving, Filezilla will prompt you to either discard the local file and/or finish editing.
  3. WordPress plugin WP Htaccess Editor – I haven’t tried this, but this is probably what I’m going to install next if I’m planning more .htaccess mods.

Finding the location of the .htaccess file

The .htaccess file for WordPress should be in the folder where you installed WordPress: in the root folder if you installed WordPress in the root directory, or in a subfolder if you installed WordPress in a subfolder (/wp, /blog, /other, etc.).

yourwebsite.com/.htaccess
yourwebsite.com/wordpress installation/.htaccess

 


Cracking Down on SPAM

 

Cracking down on SPAM: I left this blog alone for quite some time due to my recent attack, where my blogs were defaced and my cPanel details got compromised, so we had to start from a backup that wasn’t compromised. After loading a backup I saved on my computer, which was dated Feb 1st, I lost a couple of posts/articles, all thanks to those hackers and spammers.

SPAM (Photo credit: AJC1)

I retired my D3 blog because of these SPAM comments and messages.

A couple of things I did for added security:

  1. Removed Contact Form and replaced it with Contact Form 7
  2. Added reCaptcha Plugin for CF7
  3. Installed Bad Behavior

There’s no guarantee that I can stop Spam 100%, but it should give me a fighting chance; a spambot would be stopped immediately by these countermeasures. A human spammer may still be able to get through my defenses, but I’m not going to give up without a fight.

I also modified my .htaccess for protection, as well as my wp-config.php and /wp-content.

  • Securing your .htaccess – the .htaccess is one of the most important files on your website, so protecting it is one of the most vital things to do. With this simple code you can stop hackers from requesting your .htaccess file over the web.

# Deny web requests for any file whose name contains ".hta", such as .htaccess
# Apache 2.2 syntax; Apache 2.4 needs mod_access_compat for order/deny
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>

 

  • WP-Config.php – If you’re running WordPress like me, then the next important file is wp-config.php, because this config file contains the login information and other useful bits of info. For more detailed info: Hardening WordPress

<files wp-config.php>
order allow,deny
deny from all
</files>

  • Protect the /wp-content folder – The wp-content folder/directory is another important area in your WordPress website. Why? This is where your themes, plugins, images, videos, and cached files are located, so securing this folder is also a priority. It is also a main target of hackers: having access to this folder means they can upload a script to suit their purpose. For this to work, create a new .htaccess inside your /wp-content directory/folder. Got the inspiration from a post on Creative Bloq – Protect WordPress sites with .htaccess

# Block direct access to everything in wp-content by default...
Order deny,allow
Deny from all
# ...then allow only these static file types (dot escaped to match a literal ".")
<Files ~ "\.(xml|css|jpe?g|png|gif|js)$">
Allow from all
</Files>
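
An added example, not code from this post or from the Creative Bloq article: a Python dry run of the wp-content whitelist above, reporting which files would start returning 403 once the rule is in place, so you can see what breaks before deploying it. The function names and the sample file list are constructed for this example, and it assumes a case-sensitive filesystem (typical Linux hosting).

```python
import os
import re
from collections import Counter

# Extension whitelist from the wp-content rule on this page (dot escaped).
# Assumption: case-sensitive filesystem (typical Linux hosting), so Apache
# matches case-sensitively and no re.IGNORECASE is used here.
ALLOWED = re.compile(r"\.(xml|css|jpe?g|png|gif|js)$")


def is_served(path):
    """True if the base name falls into the 'Allow from all' <Files> block."""
    return ALLOWED.search(os.path.basename(path)) is not None


def blocked_names(paths):
    """Paths still covered by the directory-wide 'Deny from all' (HTTP 403)."""
    return [p for p in paths if not is_served(p)]


def blocked_extensions(paths):
    """Count blocked files per extension, as (extension, count) pairs."""
    exts = (os.path.splitext(p)[1] or "(none)" for p in blocked_names(paths))
    return Counter(exts).most_common()


def audit_tree(root):
    """Same summary for a real directory, e.g. a local copy of wp-content."""
    found = [os.path.join(d, f) for d, _, files in os.walk(root) for f in files]
    return blocked_extensions(found)


# Constructed sample listing, not taken from a real site.
SAMPLE = [
    "themes/mytheme/style.css",
    "themes/mytheme/functions.php",
    "themes/mytheme/fonts/icons.woff2",
    "plugins/example-plugin/js/index.js",
    "uploads/2013/02/photo.jpeg",
    "uploads/2013/02/photo.JPG",
    "uploads/2013/02/clip.mp4",
    "uploads/2013/02/logo.svg",
]

if __name__ == "__main__":
    for ext, count in blocked_extensions(SAMPLE):
        print(f"{count:3d} file(s) ending in {ext} would return 403")
```

In the sample, fonts, SVG, video and the upper-case `.JPG` name are blocked alongside the PHP file the rule is meant to stop; run `audit_tree` on a local copy of your own wp-content and extend the extension list for anything your theme or uploads need.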

 

More on .HTACCESS

 
