Latest news from 5wire Networks

Best practices for securing your website with .htaccess

The .htaccess file offers a powerful tool for enhancing your website’s security on Apache web servers. However, it’s crucial to use it effectively to avoid unintended consequences. Here’s a guide to securing your website using .htaccess with best practices in mind:

Before You Begin

  • Understanding: Ensure you grasp the basics of .htaccess and its capabilities. Messing with it can disrupt your website if not done correctly. Refer to Apache documentation for in-depth information.
  • Limited Scope: .htaccess offers configuration for a specific directory, not server-wide settings.
  • Not a Silver Bullet: .htaccess complements other security measures, not replaces them. Strong server configurations, user access controls, and keeping software updated are essential.

Securing with .htaccess

  1. Basic Authentication (Password Protection): Ideal for restricting access to admin directories or sensitive areas.


  • Inconvenient for frequent access.
  • Not the most robust method as credentials are transmitted somewhat unencrypted.


  • Create a file named .htpasswd (ensure it starts with a dot) outside your web document root (keeps it inaccessible through the web).
  • Use a password encryption tool to generate hashed credentials. [Online tools are available for this purpose]
  • Add the username and hashed password to the .htpasswd file.
  • In your target directory’s .htaccess, add directives like AuthUserFile and AuthType to point to the .htpasswd file and enable basic authentication.

Security Headers

Use Case: Adds security headers to your website’s responses, mitigating vulnerabilities like XSS (Cross-Site Scripting) and Clickjacking.

Considerations: Compatible browsers can interpret these headers.


  • Include directives like Header always set X-XSS-Protection "1; mode=block" and Header always set X-Frame-Options "DENY" in your .htaccess file. These specific directives address XSS and Clickjacking, respectively. You can find more directives for various security headers online.

Access Restriction

Use Case: Block access to specific files or directories.


  • Granular control over access.
  • Can be complex for extensive restrictions.


  • Use Order deny,allow and Deny from all directives to deny access by default, followed by Allow from directives specifying allowed users or IP addresses.

Hotlinking Prevention:

Use Case: Stops other websites from directly linking to your images or resources, saving your bandwidth.


May affect legitimate uses of your resources.


  • Use RewriteEngine directives in conjunction with RewriteCond and RewriteRule to rewrite requests for specific file extensions to a dummy file.

Additional Tips

  • Comments: Use # to comment out lines in your .htaccess for better readability and easier maintenance.
  • Testing: Always test changes thoroughly in a staging environment before deploying them to your live website to avoid unintended disruptions.
  • Consult Resources: Refer to Apache documentation and online tutorials for specific configurations and advanced use cases.
  • Keep Updated: Stay informed about new security vulnerabilities and update your .htaccess rules accordingly.

Remember: .htaccess is a powerful tool, but use it cautiously and with a clear understanding of its capabilities to effectively enhance your website’s security.


Life time discount when you purchase your first order. Applies to Web Hosting, Reseller Hosting, and Cloud Servers.

Free Domain included on yearly Web Hosting plans.

Use code WEBOFF at the checkout!

Terms and Conditions apply. Voucher code is only valid for new customers.