Top

Follow me and receive all the latest free scripts:

By Email:

Categories
Most Popular Posts

Protect htaccess files and improve your site security

Protect htaccess files and improve your site security

Published November 25, 2014 by , category Security

Website securityhtaccess filehtaccess security

Protecting your site's htaccess files is critical to maintaining a secure environment.

Introduction

In this tutorial I will explain how to protect your htaccess files and prevent it from being overwritten.

"Always keep in mind that when you add rules in a htaccess file, you're affecting all of the subdirectories as well as the current directory."

First, if your htaccess has been modified by someone, it's likely that you have some malicious code somewhere on your site that is changing the htaccess file. So what I recommend is:

  1. Always have a copy of your htaccess file,
  2. Check all your files and directories, track codes and files which may have been added,
  3. Find and remove malware from your computer; if it's not enough, I'd recommend a complete re-install of your system,
  4. Change your FTP password,
  5. Protect your htaccess file from being overwritten,
  6. Set 444 permission to all files, except custom upload folders,
  7. There is another step to go further: htaccess hacks to prevent your site from hacking...in a next tutorial.

Block access to your .htaccess file

The following code will prevent user to access your .htaccess file.

# case sensitive method
<Files .htaccess>
order allow,deny
deny from all
</Files>

The following lines prevent .htaccess and .htpasswd files from being viewed by Web clients.

# forbids access to any file beginning by ".ht".
<Files ~ "^\.ht">
 Order allow,deny
 Deny from all
 Satisfy All
</Files>

Conclusion

Never forget that if you don't close the hole that allowed the hack to happen, you will just get hacked again. This tutorial is only about how to protect your htaccess file...you may have other actions to take.

About Simon Laroche
Simon Laroche on Google+
Simon Laroche on Twitter
Simon Laroche on Facebook
Simon Laroche on Pinterest
Simon Laroche on LinkedIn
: I am a Coder, Designer, Webmaster and Expert SEO Consulting, I'm also a wise traveller and an avid amateur photographer. I created the website TipoCode and many others such as Landolia: a World of Photos...

If you need help about this script, please leave a comment below. I reply as much as I can depending of my time, you may also get help from others.
I also offer a paid support, if you are in the need to adapt or create a script...

Leave a comment

Comments (0 comment)

No comments for the moment!