
Cool htaccess Tricks to Secure A Website & Files


Do you want to prevent website injections and spam, restrict access to hidden files, and secure your folders and website from hackers?

There are many useful tricks for securing your website with a .htaccess file. The .htaccess file is located in your website’s main public folder.

We will look at a few simple .htaccess rules that will help keep you safe when producing a website.


Secure Hidden Files & Folders

To secure hidden files and restrict access to hidden folders on your website, use the code shown below:

RedirectMatch 403 /\..*$

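This code stops many hackers by answering with a 403 (forbidden or restricted access) page for any path that contains a file or folder name starting with a dot. The pattern also matches paths under /.well-known/, which certificate validation uses, so check that those still work after adding it. If you wish, you can change it to the code shown below: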

RedirectMatch 404 /\..*$

This sends the hacker, bot, or spammer scanning for hidden files or trying to get into your folders to a 404 error page, confusing them further since they would be expecting a different outcome.

 


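Block all scripts that have any <script> tags within the URL

This is a very useful .htaccess code that can be used on any website. It matches requests whose query string contains a <script> tag, written plainly or URL-encoded (%3C and %3E), which helps against script injection, spam, malware, and server compromise. It inspects only the query string, so treat it as one layer on top of input validation and output encoding in the application itself.

The code is shown below; copy and paste it into your .htaccess file. Like the other RewriteCond lines on this page, it is a condition: it takes effect only when RewriteEngine is On and a RewriteRule follows it.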

RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]

 


Block injected scripts trying to set a PHP GLOBALS variable via URL

This is another code that will keep you safe; it matches requests that try to set the PHP GLOBALS variable through the query string.

The code is shown below:

RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]

 


Block all scripts trying to modify or edit any type of REQUEST variable on your website using the URL.

Block spam, hackers, and bad bots trying to post links on your website.

The code is shown below;

RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})

 


Show 403 forbidden page and protect yourself

Another great code to protect yourself covers these folders under .well-known:

  • acme-challenge
  • cpanel-dcv
  • pki-validation

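This is a code that will secure all these public resources, which you may have installed on your website, from hackers, spam, and bad bots. Each condition is negated with !, so it is true for every request except a validation file whose name matches the expected pattern.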

RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\

 


Get full protection!

Copy and paste all the code shown below into your .htaccess file to get full protection. It is a combination of all the individual codes shown above, plus a condition that matches base64_encode(...) calls in the query string.

RedirectMatch 403 /\..*$
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\
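The RewriteCond lines above only act through a RewriteRule, which the listing does not include, and they have no influence on the RedirectMatch line, which belongs to a different module. The block below is an added example, not the article's own code: it assumes mod_rewrite is enabled and allowed in .htaccess, and it exempts /.well-known/ as a whole instead of using the per-folder patterns above.

```apache
# Added example, not the article's own code.
# Assumptions: mod_rewrite is loaded and AllowOverride permits it here;
# this file sits in the site's document root.
RewriteEngine On

# 1) Hidden files and folders.
#    Deny any path segment that starts with a dot, except /.well-known/.
#    In .htaccess the RewriteRule pattern sees the path without its leading
#    slash, so "(^|/)\." covers ".git/config" as well as "app/.env".
#    Simplification (assumption): everything under /.well-known/ is exempt.
RewriteCond %{REQUEST_URI} !^/\.well-known/
RewriteRule (^|/)\. - [F]

# 2) Query-string filters from the article.
#    Conditions joined with [OR] form one group; the last condition carries
#    no [OR], and the RewriteRule after it is what returns 403 Forbidden.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^ - [F]
```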

 

An example of this code applied in a .htaccess file is shown below:

[Image: Example]
