Using .htacces to protect from hacks

  • justinmarch

    (@justinmarch)


    14 years, 5 months ago

    Am thinking about implementing the following within .htaccess file placed at: /wp-admin/.htaccess

    AuthUserFile /dev/null
    AuthGroupFile /dev/null
    AuthName “Access Control”
    AuthType Basic
    order deny,allow
    deny from all

    I realise that the above currently blocks all access but will something like the above prevent most/all types of hacks

    Is there a way of password protecting the access through the same .htaccess file. I was hoping to implement using a static IP address rather than a password but this is a no go.

    Justin

Viewing 1 replies (of 1 total)
  • buddha-trance

    (@buddha-trance)

    14 years, 5 months ago

    I have password protected the wp-admin folder this way:

    1 – .htaccess file (in the wp-admin folder)

    ## password begin ##
AuthUserFile /usr/www/users/path/to/blog/wp-admin/.passwd
AuthName     "Protected"
AuthType     Basic
<Limit GET POST PUT>
require valid-user
</Limit>
<Files .passwd>
deny from all
</Files>
## password end ##

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

    Of course, your directory path will vary depending on server.

    2 – .passwd file (also in the wp-admin folder)

    I had to call it .passwd, depending on server it may be .htpasswd, in which case make sure it is called this way in the code above as well.

    In this file, I simply added the one line of text created by this password generator
    http://webinfo.inch.com/server/apache/htpasswd.html

    Both files have permission 644

    Hope this helps!

Viewing 1 replies (of 1 total)
  • The topic ‘Using .htacces to protect from hacks’ is closed to new replies.