Secure Website Using Htaccess File

Are you looking for useful .htaccess tweaks to increase the security of your Drupal/WordPress site? The .htaccess file is a powerful configuration file that lets you do a lot of neat things on your website. In this article, I will show you some of the most useful tweaks for WordPress/Drupal that you can try right away to secure your website using the .htaccess file.

What is .htaccess File and How to Edit it?

The .htaccess file is a server configuration file. It allows you to define rules for your server to follow for your website. WordPress/Drupal uses the .htaccess file to generate an SEO-friendly URL structure. However, this file can do a lot more.

The .htaccess file is located in your Drupal/WordPress site’s root folder. You will need to connect to your website using an FTP client to edit it.

Before editing your .htaccess file, it is important to download a copy of it to your computer as a backup. You can restore that copy if anything goes wrong.

Having said that, let’s take a look at a sample for WordPress/Drupal that you can try. Add the code below to your .htaccess file; you can change the file names or query strings according to your needs.

Secure website using .htaccess file:

# BEGIN insafweb

<IfModule mod_rewrite.c>
RewriteEngine On

# Protect System Files (dots escaped so they match a literal ".")
RewriteRule ^CHANGELOG\.txt$ - [F]
RewriteRule ^COPYRIGHT\.txt$ - [F]
RewriteRule ^INSTALL\.txt$ - [F]
RewriteRule ^MAINTAINERS\.txt$ - [F]
RewriteRule ^README\.txt$ - [F]

# Filter Suspicious Query Strings in the URL
# %{QUERY_STRING} is matched raw (not URL-decoded), so encoded forms such as %3C are listed explicitly.
# Any single match returns 403 Forbidden.
RewriteCond %{QUERY_STRING} \.\./ [OR]
RewriteCond %{QUERY_STRING} \.(bash|git|hg|log|svn|swp|cvs) [NC,OR]
RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} ftp: [NC,OR]
RewriteCond %{QUERY_STRING} http?: [NC,OR]
RewriteCond %{QUERY_STRING} https?: [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)script(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
# The parenthesis must be escaped, otherwise the pattern is an invalid regex
RewriteCond %{QUERY_STRING} base64_decode\( [NC,OR]
RewriteCond %{QUERY_STRING} %24&x [NC,OR]
RewriteCond %{QUERY_STRING} 127\.0 [NC,OR]
RewriteCond %{QUERY_STRING} (globals|encode|localhost|loopback) [NC,OR]
RewriteCond %{QUERY_STRING} (concat|insert|union|declare) [NC,OR]
RewriteCond %{QUERY_STRING} %[01][0-9A-F] [NC]
RewriteRule ^.* - [F]

</IfModule>

# Protect System Files
<files .htaccess>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
</files>
<files readme.html>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
</files>
<files readme.txt>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
</files>
<files th1s_1s_a_4o4.html>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
</files>
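# Note: this block denies every request for wp-login.php, including your own logins.
# Remove it if you sign in through wp-login.php.
<files wp-login.php>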
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
</files>

# END insafweb
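
Before deploying the query-string filter, it helps to see which requests it would reject. The following is an added example, not part of the original article: it replays the filter's conditions against constructed query strings, using Python's `re` as a stand-in for Apache's regex engine and assuming the metacharacters are escaped and the URL-encoded forms (`%3C`, `%3E`, `%3D`, `%24`) are written out. The names `CONDITIONS`, `first_match`, `SAMPLES` and `report` are hypothetical.

```python
import re

# The article's QUERY_STRING conditions as (pattern, [NC] flag) pairs.
# Assumption: Python's re behaves like Apache's PCRE for these simple patterns.
CONDITIONS = [
    (r"\.\./", False),
    (r"\.(bash|git|hg|log|svn|swp|cvs)", True),
    (r"etc/passwd", True),
    (r"boot\.ini", True),
    (r"ftp:", True),
    (r"http?:", True),
    (r"https?:", True),
    (r"(<|%3C)script(>|%3E)", True),
    (r"mosConfig_[a-zA-Z_]{1,21}(=|%3D)", True),
    (r"base64_decode\(", True),
    (r"%24&x", True),
    (r"127\.0", True),
    (r"(globals|encode|localhost|loopback)", True),
    (r"(concat|insert|union|declare)", True),
    (r"%[01][0-9A-F]", True),
]

def first_match(query_string):
    """Return the first pattern that would trigger [F] (403), or None."""
    for pattern, nocase in CONDITIONS:
        # RewriteCond patterns are unanchored, so search() rather than match()
        if re.search(pattern, query_string, re.I if nocase else 0):
            return pattern
    return None

# Constructed sample query strings, raw as the server sees them before decoding.
SAMPLES = [
    "page=2&sort=date",                           # ordinary request
    "file=../../etc/passwd",                      # path traversal
    "q=%3Cscript%3Ealert(1)%3C/script%3E",        # URL-encoded script tag
    "id=1+UNION+SELECT+1",                        # SQL keyword
    "redirect_to=https://example.com/wp-admin/",  # legitimate link, still blocked
    "s=how+to+insert+an+image",                   # legitimate search, still blocked
]

def report():
    """Map each sample to the pattern that blocks it (None means allowed)."""
    return {qs: first_match(qs) for qs in SAMPLES}

if __name__ == "__main__":
    for qs, hit in report().items():
        print(f"{'403' if hit else 'ok':3}  {qs}  {hit or ''}")
```

The last two samples are false positives: keyword conditions such as `insert` and `https?:` also reject ordinary searches and unencoded URL parameters, so check your site's own links and forms against the list before enabling it.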

I hope this article helped you secure your website using .htaccess.

Regards

