Protect Your WordPress WP-Config.php Via .htaccess - Hacker Proofing Your Site | WP Learning Lab
Вставка
- Опубліковано 5 чер 2015
- 🔥Name Your Own Price🔥 for the 11-Point WP Security Checklist Smart PDF: wplearninglab.com/go/wpsecuri...
Code from the tutorial:
BEGIN Protect the wp-config.php file
(left pointy bracket)files wp-config.php(right pointy bracket)
order allow,deny
deny from all
(left pointy bracket)/files(right pointy bracket)
END Protect the wp-config.php file
You doesn't allow the pointy brackets (Shift period and Shift comma) so make sure they match what you see in the video.
In this tutorial I'm going to show you to protect wp-config.php file from hackers using the .htaccess file and the code above. The importance of the WordPress wp-config.php file is enough to warrant protecting it. Secure wp-config.php is a big step towards hack prevention and hacker proofing your website..
So let's put that code into your .htaccess file and secure WordPress.
First login into your hosting account cPanel. Then find and click on the File Manager icon and choose the Document Root for the website that you are hardening. This will open the root of the website in another tab.
You can also log into the website root using FTP if you are more comfortable with that.
If you do not see a .htaccess in the website right then you can make one by clicking Add New File in the File Manager or right-clicking and choosing Create New File via FTP.
Open the .htaccess file and paste the code from above into it. There is no need to make adjustments to the code. Once pasted in just save the file and you're done.
Now you've done your WordPress security for the day. Time to take a break! Or better yet, watch the next video to secure WordPress even more.
I hope this information helps you! If you have any questions leave a comment below or ping me @WPLearningLab on Twitter.
--------------
If you want more excellent WordPress information check out our website where we post WordPress tutorials daily.
wplearninglab.com/
Connect with us:
WP Learning Lab Channel: ua-cam.com/users/subscription_c...
Facebook: / wplearninglab
Twitter: / wplearninglab
Google Plus: google.com/+Wplearninglab
Pinterest: / wplearninglab
Worked great!! Thanks for all your awesome tutorials!
Super awesome. Had a bit of trouble finding the file, as BlueHost wasn't showing hidden files even though the box was ticked. Found the code to work around that on YT also...and it's all good. Yes 💛 everyone sharing and helping each other. Thanks again. 👊
No problem, I'm happy to help :) Thanks for watching!
Thank You very much for the quick & easy tutorial! I will recommend this on my website :-))
Love your content, is been helping me alot with Wordpress :)
Thanks Ben, I'm glad to help. And thanks for watching!
best wordpress security videos on UA-cam....thanks.
+GManGT Thanks for your encouragement. I do my best :)
@Wp Learning Lab
Very well explained Videos, Hats off to you man :)
have some questions,
After installing fresh install of wordpress, Under how much time should we tweak our htaccess file ?
Should we first install our desired themes and security plugins or go for tweaking wordpress root files as soon as possible as shown in your security videos ?
Please clarify.
Your tutorials are fantastic. 👍👍
Thank you for a very clear and understandable explanation, very helpful for a noob like me :)
+Jo lovesnailart You're welcome, I'm glad I could help!
Bjorn’s tutorials are absolutely excellent.
Thanks Osvaldo :) Much appreicated!
Thank you! I will subscribe!
Sorry for the delay in responding. Thanks for the sub Drew, I really appreciate it!
Thanks muchly Bjorn!
+gregtdude No problem, thanks for watching!
Hi,
We are in 2022 and you great vidéo is serving me a lot so thank you so much
When I access wp-config.php after make changes to htaccess, it gives me 404 error. the same error is given even without adding this code
thank you sr.....can i also change the place of wp.config and restrict access both at the same time
Thank you!!!
+Andrew P. Sommer Anytime Andrew, thanks for watching!
Have a beginner question: It worked for me, tested and got the 403 error ... My question is, with so many hack attempts, I assume these 403 errors pile up in some file in my c-panel...Where would these errors go and can/how or should they ever be deleted? Thanks in advance! SUBSCRIBED!
First, thanks for the sub!
Second, I think that's an intermediate question. If you're thinking about error logs you're well beyond beginner :)
In your cPanel you should have a section called 'error logs' that will contain files with error information. There isn't really a need to clear them because they're not loaded anywhere on your site. So a big error log file doesn't hurt your load speed.
If you can't find the error logs in the cPanel contact your host's support. They'll be able to point you in the right direction.
I hope that helps and thanks for watching!
Hi I got the .htaccess file now and put the code now it is taking me to 404 page,,,,but I want to know one more thing that is this security is enough for website....I have seen people hide their wp-config.php and put the in different folder do I need to do that and what more security can be put to prevent from hacking....do let me know....thanks....
thanks
i got a 500 internal server error after i changed the htaccess file :( why?
Hi Rammoss,
UA-cam doesn't allow the pointy brackets (Shift period and Shift comma) in descriptions so make sure they match what you see in the video.
But, they allow pointy brackets in comments for some reason. So copy and paste the code below. That should solve your problem:
# BEGIN Protect the wp-config.php file
order allow,deny
deny from all
# END Protect the wp-config.php file
Hi I have checked .htaccess in file manager and I could not get it so as per your instruction I tried to create but got the error....let know what next can be done....error saying file already exist so I tried to find but did not get it...let me know..
+Sarkari Job Look for Settings at the top right corner of File Manager in cPanel and click on it. You should see this option with a checkbox: Show Hidden Files (dotfiles) ...make sure there is a tick in the box! Click save and the .htaccess file will show.
Whenever i apply this code , & open my site it shows
"Internal Server Error "
Please help.
same here. I had to remove the code
You are the best.
Please share me the
.htaccess file
Please I need to know the parameters for a PoC
What if you have backdoors in your wp-content file and blog file. For example:
blog.dir/index.php
/wp-admin/includes/class-pclzip.php
/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js
/wp-content/plugins/contact-form-7/includes/js/scripts.js
/wp-content/plugins/jetpack/_inc/postmessage.js
/wp-content/plugins/post-thumbnail-editor/apps/coffee-script.js
/wp-content/plugins/post-thumbnail-editor/apps/angular/angular.min.js
/wp-content/plugins/post-thumbnail-editor/apps/requirejs/require.js
/wp-content/plugins/post-thumbnail-editor/js-build/main.js
/wp-content/plugins/so-widgets-bundle/base/js/admin.js
How do you patch those up?
For plugins, the best way is keep them up-to-date. If you find vulnerabilities in a plugin tell the developer right away so that they can create a patch and release it to every one.
I hope that helps and thanks for watching!
You're awesome man! Those .htaccess codes saved me a lot of time and money. Hostgator wanted me to get on Sitelock for 70 dollars a month! Can't you believe that? High way robbery. I used wordfence and blocked idiots who tried to access my logins & wp-config. Great videos.
+Alpha Male Network $70 per month seems a little steep, but good work for saving the $. Most people don't want to be bothered with taking a couple hours to learn this stuff and would rather spend big bucks to have someone else to do it for them.
Another great service to look into is cloudflare. I haven't made a tutorial for it yet, but even their free tier provides great added security for your site.
Thanks for watching!
Any updates on this?
order allow,deny
deny from all
@The TiK Tok Probably the most important file in your #WordPress website’s root directory is *wp-config.php* file.
It contains information about your *WordPress Database* and how to connect to it.
To protect your *wp-config.php* file from unauthorized access, simply add the code I have posted above to your *.htaccess* file.
Hope this helps you out.
What is the parameters ?
can i lock all .php in access
You can, but that cause unexpected issues because your still needs access to lots of php files. You're best bet is to restrict access to the wp-config and set proper permissions for all the other files and folders. I have a tutorial for it here: ua-cam.com/video/04jNSZtUjqQ/v-deo.html
I hope that helps, let me know if you have any further questions. Thanks for watching!