Celebrating the 100th customer - 60% OFF the Password Policy Manager for WordPress plugin. GET DISCOUNT NOW

How to Restrict Access to WordPress files With htaccess

Last updated on April 29th, 2019 by Robert Abela. Filed under WordPress Security Tutorials & Tips

If you would like to restrict access to a WordPress file, or a number of files on your website from being accessed from an external source, you can do so by using .htaccess files if you are running an Apache web server. Restricting access to files with .htaccess is ideal for files which still need to be accessed under the hood by your WordPress but never accessed directly by your website visitors, such as the WordPress configuration file wp-config.php found in the root of your WordPress.

New to htaccess? Check out our Definitive Guide to htaccess and WordPress!

Htacess to restrict access to a single WordPress file

In the .htaccess file example below, we are restricting access to the WordPress wp-config.php file.

<files wp-config.php>
 order allow,deny
 deny from all
</files>

The .htaccess file in the above example should be uploaded to the same directory where the file resides, in this case in the WordPress root directory. If you would like to restrict access to any other individual file on your website change the file name in the first line and upload the .htaccess file to the directory where the file resides. Keep in mind that if you already have an .htaccess file in that directory, simply add the above directives at the end of the .htaccess file.

Restrict file access to by file type with htaccess

To restrict access to a variety of files which share the same file extension, you can use the syntax of the .htaccess file below. Such .htaccess file should be uploaded to the root of your website to apply file restriction site wide. In the below example, we are restricting access to .htaccess files, .htpasswd files, log files and ini files.

<FilesMatch "\.(htaccess|htpasswd|log|ini)$">
 Order Allow,Deny
 Deny from all
</FilesMatch>

If you would like to restrict access to more file extensions than the ones specified above, add the extension to the first line between the brackets next to the ini extension.

WordPress Hosting, Firewall and Backup

This Website is:

Leave a Reply

Your email address will not be published. Required fields are marked *