WordPress htaccess Security set up process [100% work]

Hi! Welcome to the WordPress htaccess security tutorial presented by Primomate. In the episode, I’m going to teach you how to secure your WordPress website using the .htaccess file which is located in the root directory of your website.

So, to secure your WordPress website with htaccess security file you first need to access the htaccess file.

So to access the htaccess file you should go to the cpanel of your web hosting server. From there You should go to the file manager and then go to the public_html directory. Because In the public_html directory Your website is located.

In this directory you will find a file named htaccess

If you cannot find this file click setting from the top-right corner and mark show hidden files box and then click Save.

As you have done it you will see the htaccess file. In my case, I will right-click on the htaccess file. And then I will click Edit to start editing the file to improve the htaccess security of my WordPress website.

Now, here you can add different rules to change the server configuration such as password protection for folders, block IPs, files, and so on.So, follow my instruction.

I will show you how to secure your WordPress website with htaccess file in 5 steps. Follow me-

disable Directory Browsing with htaccess security file

So first of all I will disable directory browsing by putting the following code in the htaccess file.

#Disable Directory Browsing
Options All -Indexes

This will prevent hackers to see the content of folders on your website.

Block access to the htaccess file

Next, I will protect the htaccess file by adding the following code in the same directory.

#Block access to the htaccess file
<files .htaccess>
order allow,deny 
deny from all

This code will protect your htaccess file for anyone who is trying to access it. If you do that change hackers cannot able to access or enter your htaccess file. By doing this, your htaccess file will more secure.

Protect from Script Injection

Another important security issue is script injection which is a serious security threat that enables an attacker to inject malicious code into the Website.
So add the following code to prevent your website from this type of attack.

#Protect from Script Injection
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).script.(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

Securing wp-config.php with htaccess

Once done with that, I will protect another important file which is the wp-config.php file
so add the following code in the htaccess directory to protect this file.

#Securing wp-config.php
<files wp-config.php>
order allow,deny 
deny from all

WP-config.php file contains the most sensitive access credentials of your WordPress website.

here you can see very important information like database name, username, password, and host name.

So I strongly recommend to protect this file using the rule on the htaccess security file which I have shown you here.

disable the WordPress editor to ensure the security of your website

Ok, now I show you how to disable the WordPress editor which is a great way to secure your WordPress website.

If you don’t know where the WordPress editor is. Go to the WordPress dashboard and under appearance, you will see the theme editor option. Just click it and you can modify the code for different pages from here. This is a very important file

So, It can be very very dangerous if a hacker gets into your admin area. So, I recommend you to disable the Editor from your WordPress website

know more about The Theme Editor-wpbeginner.com

So, let’s disable the editor by going back to the WP-config.php file and scroll down and put the following code in the end.

cpanel ➡file manager➡public_html➡wp-config.php➡ right click and Edit➡put this Code on the end

Disable Plugin / Theme Editor

OK now if You go back to the WordPress dashboard and refresh the page you can see you’re not allowed to access this page(theme editor).

And if you hover on the appearance you will not find the theme editor tab anymore.


This tips of the website security awareness will very useful to more secure your individual or organized website.

That’ it for now thanks for reading and staying with us- Primomate❤

Related topic-

How was this tutorial? Don’t forget to drop a comment.

Leave a Comment