{"id":6976,"date":"2020-10-22T20:04:01","date_gmt":"2020-10-22T20:04:01","guid":{"rendered":"https:\/\/tutorialsclass.com\/?p=6976"},"modified":"2020-10-22T20:04:03","modified_gmt":"2020-10-22T20:04:03","slug":"htaccess-security-rules","status":"publish","type":"post","link":"https:\/\/tutorialsclass.com\/htaccess-security-rules\/","title":{"rendered":"Htaccess security rules"},"content":{"rendered":"\n

Security is one of the primary factor for a well made website. Without security, you may expose confidential information to users or allow hackers to destroy your website.<\/p>\n\n\n\n

Using htaccess, you can add various rules to harden security. Some of them are quite easy to implement just by adding a few lines in .htaccess<\/code> file on your webserver.<\/p>\n\n\n\n

\n\n\n\n

Disable the server signature:<\/h2>\n\n\n\n

Server Signature display version number of Apache Server, Operating System, and modules installed. If your server display this kind of information publicly, Hackers can use it in order to exploit vulnerabilities (specially for older versions).<\/p>\n\n\n\n

It is recommended to hide all sensitive information inside Server Signature Information. This can be done by following simple code in htaccess.<\/p>\n\n\n\n

ServerSignature Off<\/code><\/pre>\n\n\n\n
\n\n\n\n
Disable directory listing:<\/h2>\n\n\n\n
This .htaccess code will remove directory indexing with 403 forbidden message. This helps tighten security by hiding code and files which can be misused by hackers.<\/p>\n\n\n\n
Options All -Indexes<\/code><\/pre>\n\n\n\n
\n\n\n\n
Password Protect a File:<\/h2>\n\n\n\n
If you have confidential files that you want to protect from public, you can use .htaccess and .htpasswd file.<\/p>\n\n\n\n
public_html\/private\/.htaccess<\/code><\/p>\n\n\n\n
#Protect Directory\nAuthName \"Dialog prompt\"\nAuthType Basic\nAuthUserFile \/home\/mywebsite\/public_html\/private\/.htpasswd\nrequire valid-user<\/code><\/pre>\n\n\n\n
Generate password using various tools online such as\u00a0hostingcanada<\/a>\u00a0or\u00a0web2generators<\/a> and put in .htpasswod file.<\/p>\n\n\n\n
public_html\/private\/.htpasswd<\/code><\/p>\n\n\n\n
mduadmin:{SHA}dFRTutPG0SggOjK3ZLTK85mcXPs=<\/code><\/pre>\n\n\n\n
\n\n\n\n
Prevent Image Hot Linking<\/strong>:<\/h2>\n\n\n\n
Hotlink with when some website links your images or other files which can greatly your impact your hosting bandwidth. You can prevent image hotlinking using htaccess code.<\/p>\n\n\n\n
Code to block image & css files<\/strong>:<\/p>\n\n\n\n
<IfModule mod_rewrite.c>\nRewriteEngine on\nRewriteCond %{HTTP_REFERER} !^$\nRewriteCond %{HTTP_REFERER} !^http(s)?:\/\/(www\\.)?mywebsite.in [NC]\nRewriteRule \\.(jpg|jpeg|png|gif)$ http:\/\/mywebsite.in\/warning-image.png [NC,R,L]\n<\/IfModule><\/code><\/pre>\n\n\n\n
Here, images and CSS files will be blocked for all website except ours mywebsite.com and it will show other\/warning image. You can include other static files if needed. Read more about Htaccess Hotlink protection<\/a> <\/p>\n\n\n\n
\n\n\n\n
Redirect Http to Https:<\/h2>\n\n\n\n
HTTPS<\/strong> allows secure communication between your browser and the server. If you have an SSL certificate, you can redirect all http (non-secure) URLs to secure https.<\/p>\n\n\n\n
<IfModule mod_rewrite.c>\nRewriteEngine On\nRewriteCond %{SERVER_PORT} 80\nRewriteRule ^(.*)$ https:\/\/www.domain.com\/$1 [R=301,L]\n<\/IfModule><\/code><\/pre>\n\n\n\n
Read more about htaccess redirection<\/a> here. <\/p>\n\n\n\n
\n\n\n\n
Deny Access to .htaccess Itself:<\/h2>\n\n\n\n
This code will deny access to .htaccess file itself.<\/p>\n\n\n\n
# Deny access to .htaccess\n<Files .htaccess>\nOrder allow,deny\nDeny from all\n<\/Files><\/code><\/pre>\n\n\n\n
Prevent access to certain files:<\/strong><\/p>\n\n\n\n
# Deny access to files with extensions .ini, .sh\n<FilesMatch \"\\.(ini|sh)$\">\nOrder allow,deny\nDeny from all\n<\/FilesMatch>\n\n# Deny access to filenames starting with dot(.)\n<FilesMatch \"^\\.\">\nOrder allow,deny\nDeny from all\n<\/FilesMatch>\n<\/code><\/pre>\n\n\n\n
Learn more about Htaccess deny access<\/a> <\/p>\n\n\n\n
\n","protected":false},"excerpt":{"rendered":"
Learn Htaccess security rules. In this tutorial, learn how to secure a website by Disable server signature, directory listing, & deny access.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[190],"tags":[],"keywords":[],"class_list":["post-6976","post","type-post","status-publish","format-standard","hentry","category-htaccess"],"yoast_head":"\nHtaccess security rules - Tutorials Class<\/title>\n<meta name=\"description\" content=\"Learn Htaccess security rules. In this tutorial, learn how to secure a website by Disable server signature, directory listing, & deny access.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/tutorialsclass.com\/htaccess-security-rules\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Htaccess security rules - Tutorials Class\" \/>\n<meta property=\"og:description\" content=\"Learn Htaccess security rules. In this tutorial, learn how to secure a website by Disable server signature, directory listing, & deny access.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/tutorialsclass.com\/htaccess-security-rules\/\" \/>\n<meta property=\"og:site_name\" content=\"Tutorials Class\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/tutorialsclass\" \/>\n<meta property=\"article:published_time\" content=\"2020-10-22T20:04:01+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-10-22T20:04:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/tutorialsclass.com\/wp-content\/uploads\/2020\/07\/tutorials-class-logo.png\" \/>\n\t<meta property=\"og:image:width\" content=\"600\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Tutorials Class\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@TutorialsClass\" \/>\n<meta name=\"twitter:site\" content=\"@TutorialsClass\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tutorials Class\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/tutorialsclass.com\/htaccess-security-rules\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/tutorialsclass.com\/htaccess-security-rules\/\"},\"author\":{\"name\":\"Tutorials Class\",\"@id\":\"https:\/\/tutorialsclass.com\/#\/schema\/person\/f7d4f67fc9721ef3ea91cb21aaf89e3e\"},\"headline\":\"Htaccess security rules\",\"datePublished\":\"2020-10-22T20:04:01+00:00\",\"dateModified\":\"2020-10-22T20:04:03+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/tutorialsclass.com\/htaccess-security-rules\/\"},\"wordCount\":326,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/tutorialsclass.com\/#organization\"},\"articleSection\":[\"Htaccess\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/tutorialsclass.com\/htaccess-security-rules\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/tutorialsclass.com\/htaccess-security-rules\/\",\"url\":\"https:\/\/tutorialsclass.com\/htaccess-security-rules\/\",\"name\":\"Htaccess security rules - Tutorials Class\",\"isPartOf\":{\"@id\":\"https:\/\/tutorialsclass.com\/#website\"},\"datePublished\":\"2020-10-22T20:04:01+00:00\",\"dateModified\":\"2020-10-22T20:04:03+00:00\",\"description\":\"Learn Htaccess security rules. In this tutorial, learn how to secure a website by Disable server signature, directory listing, & deny access.\",\"breadcrumb\":{\"@id\":\"https:\/\/tutorialsclass.com\/htaccess-security-rules\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/tutorialsclass.com\/htaccess-security-rules\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/tutorialsclass.com\/htaccess-security-rules\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/tutorialsclass.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Learn\",\"item\":\"https:\/\/tutorialsclass.com\/learn\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Htaccess\",\"item\":\"https:\/\/tutorialsclass.com\/learn\/htaccess\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Htaccess security rules\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/tutorialsclass.com\/#website\",\"url\":\"https:\/\/tutorialsclass.com\/\",\"name\":\"Tutorials Class\",\"description\":\"Online Tutorials for Beginners\",\"publisher\":{\"@id\":\"https:\/\/tutorialsclass.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/tutorialsclass.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/tutorialsclass.com\/#organization\",\"name\":\"Tutorials Class\",\"url\":\"https:\/\/tutorialsclass.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/tutorialsclass.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/tutorialsclass.com\/wp-content\/uploads\/2020\/05\/tutorials-class-logo.png\",\"contentUrl\":\"https:\/\/tutorialsclass.com\/wp-content\/uploads\/2020\/05\/tutorials-class-logo.png\",\"width\":442,\"height\":94,\"caption\":\"Tutorials Class\"},\"image\":{\"@id\":\"https:\/\/tutorialsclass.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/tutorialsclass\",\"https:\/\/x.com\/TutorialsClass\",\"https:\/\/in.pinterest.com\/merientinfotech\/boards\/\",\"https:\/\/www.youtube.com\/channel\/UCzbpQXlqec-bQf1_kwrTuoA\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/tutorialsclass.com\/#\/schema\/person\/f7d4f67fc9721ef3ea91cb21aaf89e3e\",\"name\":\"Tutorials Class\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/tutorialsclass.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/346276d8e1600eec36df1bf9adcf78bf1eabb87fc0a79250e0565a88809b8f14?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/346276d8e1600eec36df1bf9adcf78bf1eabb87fc0a79250e0565a88809b8f14?s=96&d=mm&r=g\",\"caption\":\"Tutorials Class\"},\"sameAs\":[\"tcadmin\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Htaccess security rules - Tutorials Class","description":"Learn Htaccess security rules. In this tutorial, learn how to secure a website by Disable server signature, directory listing, & deny access.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/tutorialsclass.com\/htaccess-security-rules\/","og_locale":"en_US","og_type":"article","og_title":"Htaccess security rules - Tutorials Class","og_description":"Learn Htaccess security rules. In this tutorial, learn how to secure a website by Disable server signature, directory listing, & deny access.","og_url":"https:\/\/tutorialsclass.com\/htaccess-security-rules\/","og_site_name":"Tutorials Class","article_publisher":"https:\/\/www.facebook.com\/tutorialsclass","article_published_time":"2020-10-22T20:04:01+00:00","article_modified_time":"2020-10-22T20:04:03+00:00","og_image":[{"width":600,"height":600,"url":"https:\/\/tutorialsclass.com\/wp-content\/uploads\/2020\/07\/tutorials-class-logo.png","type":"image\/png"}],"author":"Tutorials Class","twitter_card":"summary_large_image","twitter_creator":"@TutorialsClass","twitter_site":"@TutorialsClass","twitter_misc":{"Written by":"Tutorials Class","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/tutorialsclass.com\/htaccess-security-rules\/#article","isPartOf":{"@id":"https:\/\/tutorialsclass.com\/htaccess-security-rules\/"},"author":{"name":"Tutorials Class","@id":"https:\/\/tutorialsclass.com\/#\/schema\/person\/f7d4f67fc9721ef3ea91cb21aaf89e3e"},"headline":"Htaccess security rules","datePublished":"2020-10-22T20:04:01+00:00","dateModified":"2020-10-22T20:04:03+00:00","mainEntityOfPage":{"@id":"https:\/\/tutorialsclass.com\/htaccess-security-rules\/"},"wordCount":326,"commentCount":0,"publisher":{"@id":"https:\/\/tutorialsclass.com\/#organization"},"articleSection":["Htaccess"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/tutorialsclass.com\/htaccess-security-rules\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/tutorialsclass.com\/htaccess-security-rules\/","url":"https:\/\/tutorialsclass.com\/htaccess-security-rules\/","name":"Htaccess security rules - Tutorials Class","isPartOf":{"@id":"https:\/\/tutorialsclass.com\/#website"},"datePublished":"2020-10-22T20:04:01+00:00","dateModified":"2020-10-22T20:04:03+00:00","description":"Learn Htaccess security rules. In this tutorial, learn how to secure a website by Disable server signature, directory listing, & deny access.","breadcrumb":{"@id":"https:\/\/tutorialsclass.com\/htaccess-security-rules\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/tutorialsclass.com\/htaccess-security-rules\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/tutorialsclass.com\/htaccess-security-rules\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/tutorialsclass.com\/"},{"@type":"ListItem","position":2,"name":"Learn","item":"https:\/\/tutorialsclass.com\/learn\/"},{"@type":"ListItem","position":3,"name":"Htaccess","item":"https:\/\/tutorialsclass.com\/learn\/htaccess\/"},{"@type":"ListItem","position":4,"name":"Htaccess security rules"}]},{"@type":"WebSite","@id":"https:\/\/tutorialsclass.com\/#website","url":"https:\/\/tutorialsclass.com\/","name":"Tutorials Class","description":"Online Tutorials for Beginners","publisher":{"@id":"https:\/\/tutorialsclass.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/tutorialsclass.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/tutorialsclass.com\/#organization","name":"Tutorials Class","url":"https:\/\/tutorialsclass.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/tutorialsclass.com\/#\/schema\/logo\/image\/","url":"https:\/\/tutorialsclass.com\/wp-content\/uploads\/2020\/05\/tutorials-class-logo.png","contentUrl":"https:\/\/tutorialsclass.com\/wp-content\/uploads\/2020\/05\/tutorials-class-logo.png","width":442,"height":94,"caption":"Tutorials Class"},"image":{"@id":"https:\/\/tutorialsclass.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/tutorialsclass","https:\/\/x.com\/TutorialsClass","https:\/\/in.pinterest.com\/merientinfotech\/boards\/","https:\/\/www.youtube.com\/channel\/UCzbpQXlqec-bQf1_kwrTuoA"]},{"@type":"Person","@id":"https:\/\/tutorialsclass.com\/#\/schema\/person\/f7d4f67fc9721ef3ea91cb21aaf89e3e","name":"Tutorials Class","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/tutorialsclass.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/346276d8e1600eec36df1bf9adcf78bf1eabb87fc0a79250e0565a88809b8f14?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/346276d8e1600eec36df1bf9adcf78bf1eabb87fc0a79250e0565a88809b8f14?s=96&d=mm&r=g","caption":"Tutorials Class"},"sameAs":["tcadmin"]}]}},"_links":{"self":[{"href":"https:\/\/tutorialsclass.com\/wp-json\/wp\/v2\/posts\/6976","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tutorialsclass.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tutorialsclass.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tutorialsclass.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tutorialsclass.com\/wp-json\/wp\/v2\/comments?post=6976"}],"version-history":[{"count":14,"href":"https:\/\/tutorialsclass.com\/wp-json\/wp\/v2\/posts\/6976\/revisions"}],"predecessor-version":[{"id":7076,"href":"https:\/\/tutorialsclass.com\/wp-json\/wp\/v2\/posts\/6976\/revisions\/7076"}],"wp:attachment":[{"href":"https:\/\/tutorialsclass.com\/wp-json\/wp\/v2\/media?parent=6976"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tutorialsclass.com\/wp-json\/wp\/v2\/categories?post=6976"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tutorialsclass.com\/wp-json\/wp\/v2\/tags?post=6976"},{"taxonomy":"keywords","embeddable":true,"href":"https:\/\/tutorialsclass.com\/wp-json\/wp\/v2\/keywords?post=6976"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}