WordPress – Enhance your site’s performance and harden its security
This is all about the details of making use of the htaccess file on an Apache server to speed up WordPress as well as enabling a variety of security enhancements. The `.htaccess` file is located in the WordPress root installation directory and is sometimes used in subdirectories as you will discover below. This file is a hidden file, accessible to you through cPanel and/or your FTP file browser tool. In most cases you will have to purposefully select “show hidden files” to make it accessible.
Note: In some few cases, your hosting service places this file out of your reach. The one mistake to avoid here is creating a new htaccess file when one already exists, simply because you will over-write the existing one and you will not be able to step back in time. If you are uncertain, contact your hosting support. In all cases, WordPress will create the htaccess, or write to the existing file when you make a selection under Admin-Dashboard -> Settings -> Permalinks
For the sake of my presentation, I’m going to assume that you have one and you have write access to it.
The Security Enhancements
Place the following code into your htaccess file, uncommenting lines as appropriate. The pound sign (#) is the commenting marker in this context, when in place, a line of code that follows it is not executable. This is the common method for actually providing code comments defining the expected functionality.
# begin WP security enhancements
# to protect the htaccess file itself - uncomment - remove the pound sign from lines other than this line
# <Files .htaccess>
#order allow,deny
#deny from all
# </Files>
# to protect the wordpress config file - uncomment - remove the pound sign from lines other than this line
# <Files wp-config.php>
#order allow,deny
#deny from all
# </Files>
# if you use one - protect your php.ini file - uncomment - remove the pound sign from lines other than this line
# <Files php.ini>
#order allow,deny
#deny from all
# </Files>
# protect directory content from getting displayed - uncomment - remove the pound sign from lines other than this line
#Options All -Indexes
# end security enhancements