Protecting Your Website with .htaccess

Apr 16, 2026

Using .htaccess for Security

The .htaccess file is a powerful configuration file in Apache web servers. It lets you control access, redirects, and security settings for your website.

Location

The file is located in your public_html root directory. It may be hidden — in cPanel File Manager, click Settings (top right) and enable Show Hidden Files.

Common Security Rules

Block Access to Sensitive Files

<FilesMatch "\.(env|json|log|sql|bak|conf)$">
    Order Allow,Deny
    Deny from all
</FilesMatch>

Disable Directory Listing

Options -Indexes

Block Bad Bots

SetEnvIfNoCase User-Agent "sqlmap" bad_bot
SetEnvIfNoCase User-Agent "nikto" bad_bot
Deny from env=bad_bot

Limit File Upload Size (PHP)

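# php_value requires PHP loaded as an Apache module (mod_php); without it Apache rejects these lines with a 500 error
php_value upload_max_filesize 64M
php_value post_max_size 64M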

Protect wp-config.php (WordPress)

<Files wp-config.php>
    Order Allow,Deny
    Deny from all
</Files>

A syntax error in .htaccess will cause a 500 Internal Server Error. Always keep a backup before making changes.
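
The Order/Deny directives used in the rules above are Apache 2.2 syntax, which Apache 2.4 only accepts when mod_access_compat is loaded. The following is an added example, not part of the original article, that writes the same file and bot blocks so they work on either version; it assumes the standard mod_authz_core and mod_setenvif modules and escapes the dot in the file pattern so it matches a literal extension.

```apache
# Added example: the article's access rules for Apache 2.2 and 2.4.
# mod_authz_core exists only in 2.4, so <IfModule> picks the matching syntax.

# Block access to sensitive files
<FilesMatch "\.(env|json|log|sql|bak|conf)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</FilesMatch>

# Protect wp-config.php (WordPress)
<Files wp-config.php>
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</Files>

# Block bad bots: tag the request, then refuse tagged requests
SetEnvIfNoCase User-Agent "sqlmap" bad_bot
SetEnvIfNoCase User-Agent "nikto" bad_bot
<IfModule mod_authz_core.c>
    <RequireAll>
        Require all granted
        Require not env bad_bot
    </RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
    Order Allow,Deny
    Allow from all
    Deny from env=bad_bot
</IfModule>
```

After saving, request a blocked path such as /wp-config.php and confirm the server answers 403 rather than 200 or 500.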