01. Protect the wp-config.php file
wp-config.php is a file in the root directory that is used to store information about your site as well as details of the database username, database name, and password. Of course this file is something you should protect.
In your .htaccess file, add the following code to prevent access to wp-config.php:
<Files wp-config.php>
order allow,deny
deny from all
</Files>
02. Admin access only from your IP
You can restrict access to your admin folder based on your IP address. To do this, create a new .htaccess file in your text editor and upload it to your wp-admin folder.
The following code snippet denies access to the admin folder for everyone except your IP address. Please note that if you have a dynamic IP you may have to change this file regularly, otherwise you won’t be able to access it yourself! 🙂
order deny,allow
# replace with your IP address
allow from 202.090.21.1
deny from all
03. Ban bad users
If you have the same IP address trying to access your content or trying to brute force your admin page, you can ban this person’s IP using .htaccess with this simple code.
<Limit GET POST>
order allow,deny
deny from 202.090.21.1
allow from all
</Limit>
You can also block more IPs from your WordPress site by adding new IP addresses underneath, for example:
<Limit GET POST>
order allow,deny
deny from 202.090.21.1
deny from 202.090.21.2
allow from all
</Limit>
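The Order value decides how the allow and deny lines in sections 02 and 03 combine, and swapping it changes the result. The following Python model is an added example, not code from the original article: the function names are hypothetical, the addresses are constructed documentation-range samples, and it assumes rules are only "all", a single IP or a CIDR block.

```python
import ipaddress

def _matches(rules, client_ip):
    """True if any rule ('all', a single IP, or a CIDR block) covers client_ip."""
    ip = ipaddress.ip_address(client_ip)
    for rule in rules:
        if rule == "all":
            return True
        if ip in ipaddress.ip_network(rule, strict=False):
            return True
    return False

def is_allowed(order, allow, deny, client_ip):
    """Model how Apache's Order/Allow/Deny directives combine.

    allow,deny: the client must match an Allow rule and no Deny rule
                (a client matching neither is denied).
    deny,allow: the client is denied only if it matches a Deny rule and
                no Allow rule (a client matching neither is allowed).
    """
    allowed = _matches(allow, client_ip)
    denied = _matches(deny, client_ip)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        return allowed and not denied
    if order == "deny,allow":
        return allowed or not denied
    raise ValueError("unknown Order value: " + order)

# Constructed sample addresses from the documentation ranges.
OWNER = "203.0.113.10"
BLOCKED = "198.51.100.7"
VISITOR = "192.0.2.55"

# Section 02: wp-admin reachable only from the owner's address.
ADMIN = ("deny,allow", [OWNER], ["all"])
# Section 03: everyone may browse except the banned address.
BAN = ("allow,deny", ["all"], [BLOCKED])
# Common mistake: section 02's rules with the Order value from section 03.
ADMIN_WRONG_ORDER = ("allow,deny", [OWNER], ["all"])

def check(ruleset, client_ip):
    """Evaluate one (order, allow, deny) ruleset for a client address."""
    order, allow, deny = ruleset
    return is_allowed(order, allow, deny, client_ip)

if __name__ == "__main__":
    for name, rs in [("admin", ADMIN), ("ban", BAN), ("admin, wrong order", ADMIN_WRONG_ORDER)]:
        print(name, {ip: check(rs, ip) for ip in (OWNER, BLOCKED, VISITOR)})
```

With the wrong Order value the admin rules lock out the owner as well, because under allow,deny a matching deny line always wins.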
04. Close browsing access to the directory
WordPress is now so popular that many people know the structure of a WordPress installation and know where to look to find which plug-ins you are using, or other files that might provide too much information about your site. One way of dealing with this is to prevent browsing access to the directory.
# Disable directory browsing
Options -Indexes
05. Prevent access to wp-content
The wp-content folder contains images, themes and plug-ins, and it is a very important folder in your WordPress installation, so it makes sense to prevent outsiders from accessing what is inside it.
For this you have to add a new .htaccess file to the wp-content folder. Visitors can still load images, CSS, etc., but most importantly it protects your PHP files:
Order deny,allow
Deny from all
<Files ~ "\.(xml|css|jpe?g|png|gif|js)$">
Allow from all
</Files>
06. Individual File Protection
There are certain files you may want to protect individually instead of blocking entire folders or selections. The following code shows how to prevent access to the .htaccess file, so that anyone who requests it gets a 403 error. The file name can be changed to any file you want to protect:
# Protect the .htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>
07. Protecting .htaccess
After making these extra security enhancements with .htaccess, don’t forget to secure the file itself. Don’t leave it open and easily accessible to unauthorized people.
This code blocks anyone trying to access any file on your site whose name contains “.hta” in any letter case, such as .htaccess. This will protect it and make it somewhat safer. 🙂
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>
Here I have discussed how to prevent anyone but you as the owner from accessing your admin folder, how to prevent access to directories, and how to protect your wp-config.php file, your wp-content folder, individual files and even your .htaccess file.
Hopefully this is useful and helps to further secure your WordPress website. 🙂 You can also do all of this with the Wp-better security plugin, but you have to be careful: read how to use the Wp-better security plugin first.