Description
Lunexia .htaccess Shield is a comprehensive security plugin that helps harden your website by automatically applying proven .htaccess security rules. With an intuitive dashboard, you can easily enable or disable various security measures to protect your website from common threats.
Key Features:
- One-Click Security Rules: Enable/disable security rules with a simple toggle interface
- Security Score: Visual indicator showing your current protection level
- Automatic .htaccess Management: Safely applies rules without manual editing
- Backup & Restore: Create backups before making changes and restore if needed
- Admin Approval Workflow: Require admin approval for new Administrator/Editor accounts before login
- OTP Login Protection: Add one-time password verification for selected user roles
- Backend Access Protection: Block blocked IPs from reaching
wp-adminandwp-login.php - Feature Preview: Preview recommended premium hardening features before enabling them
- System Status: Monitor your server’s security readiness
Security Rules Included:
- Disable directory browsing
- Protect wp-config.php and .htaccess files
- Block access to sensitive files
- Disable XML-RPC for improved security
- Prevent PHP execution in uploads folder
- Malicious query string protection
- Security headers (XSS, CSRF, HSTS, etc.)
Safe & Reliable:
* Uses core functions for .htaccess manipulation
* Creates automatic backups before changes
* Checks file permissions before applying rules
* Non-destructive – rules are wrapped in markers for easy removal
External Services
This plugin connects to external services as follows:
Google Sheets API Service
This plugin uses the Google Sheets API (via Google Apps Script) to validate license keys when users activate a license. This is an optional feature and is only used when a user voluntarily attempts to activate a license key.
- Purpose: Validates license key authenticity and domain binding
- When it’s used: Only when users click “Activate License” in the plugin settings
- What data is sent: License key and website domain name
- Service provider: Google (Google Sheets / Google Apps Script)
- Terms of Service: https://policies.google.com/terms
- Privacy Policy: https://policies.google.com/privacy
- Data retention: License validation data is stored only on the user’s Google Sheet, which they control
Support
For support, please visit the plugin forum or check the documentation.
License
This plugin is licensed under the GPLv2 or later.
Credits
Developed with security best practices in mind.
Installation
- Upload the
lunexia-htaccess-shieldfolder to the/wp-content/plugins/directory - Activate the plugin through the ‘Plugins’ menu
- Navigate to ‘Lunexia .htaccess Shield’ in the admin menu
- Review and enable desired security rules
- Click “Save & Apply Rules” to harden your site
FAQ
-
Is this plugin safe to use?
-
Yes, Lunexia .htaccess Shield is designed with safety in mind. It:
– Creates backups before making changes
– Uses core functions for file operations
– Checks file permissions before applying rules
– Wraps all rules in identifiable markers -
What if something goes wrong?
-
If you encounter issues:
1. Use the restore function to revert to a backup
2. Manually edit your .htaccess file to remove Lunexia .htaccess Shield rules
3. Deactivate the plugin if needed -
Does this replace my security plugins?
-
No, Lunexia .htaccess Shield complements other security plugins by focusing specifically on .htaccess hardening. It works well alongside plugins like Wordfence, Sucuri, or iThemes Security.
-
Will this slow down my site?
-
The .htaccess rules are lightweight and optimized for performance. Most rules have minimal impact on site speed.
Reviews
There are no reviews for this plugin.
Contributors & Developers
“Lunexia .htaccess Shield” is open source software. The following people have contributed to this plugin.
Contributors
Translate “Lunexia .htaccess Shield” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.2.1
- Added admin approval workflow for pending Administrator and Editor accounts
- Added OTP login protection for selected user roles
- Added backend access protection for blocked IPs on
wp-adminandwp-login.php - Added recommended feature preview modal for premium hardening features
1.2.1
- Fixed invalid .htaccess rule generation that could cause server errors
- Ensured blocked IP rules use modern rewrite-based access control
- Preserved activity logging for failed logins and blocked IP events
- Improved compatibility with Apache/LiteSpeed and PHP error handling