Secure website with htaccess is very important to avoid hacks. Some web servers allow directory access publicly but we don’t need to share our private file with world. To get rid from this create a .htaccess file in root directory. We can use a single .htaccess file for different use.
1. Protect any file
To disallow public access of a particular file add this code in .htaccess file.
<Files file_name="">//Replace file_name with desired file name
order allow,deny
deny from all
</Files>2. Banning IP addresses
To bann IP addresses add this code in .htaccess. You can add any number of IP addresses to block accesss of site from them.
<Limit GET POST> order allow,deny deny from 200.25.68.56 deny from 198.56.85.42 allow from all </Limit>
3. Stop directory browsing
Some times files in any directory listed on browser to get rid from this add below line in .htaccess
Options -Indexes
4. Secure specific type of files
To secure specific files by type like CSS and JS add below code and edit 3rd line which have file extensions with your desired file types.
Order deny,allow Deny from all <Files ~ ".(xml|css|jpeg|png|gif|js)$"> Allow from all </Files>
5. Secure .htaccess
Hackers can access .htaccess file to break website security. We also need to secure our .htaccess file also.
<Files ~ "^.*\.([Hh][Tt][Aa])"> order allow,deny deny from all satisfy all </Files>
6. Protect webiste directory with password using .htpasswd
Create a .htpasswd file anywhere in web directory and create password in it to access any directory with password rights.
username:password eg. compilr:jjhdfj7345jdfkc
Then create a new .htaccess file that directory you want to protect and put below code in this .htaccess file.
AuthUserFile /path/to/htpasswd/file/.htpasswd AuthName "Protected Area" AuthType Basic Require valid-user
These are few tips to secure website with htaccess with ease. These steps can be used for any type of website like wordpress etc.