.htaccess (hypertext access) is the default name of the directory-level configuration file, which provides decentralized management of configuration from inside your web tree. .htaccess files are often used to apply security restrictions to a particular directory, so it is very important to secure .htaccess itself.
1. Add the following code to the .htaccess file.
# STRONG HTACCESS PROTECTION
# deny web access to .htaccess and other .hta* files only
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>
2. Secure your wp-config.php by adding the following:
# protect wp-config.php
<Files wp-config.php>
Order deny,allow
Deny from all
</Files>
3. Prevent attackers from browsing your directories by adding the following code:
# disable directory browsing
Options -Indexes
4. Prevent script injections.
# protect from script injection
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
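5. Limit access to the wp-content directory by creating a .htaccess file in the wp-content folder.
Order deny,allow
Deny from all
# allow only static file types; adjust the list to what your site serves
<Files ~ "\.(xml|css|jpe?g|png|gif|js)$">
Allow from all
</Files>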
6. If you have a static IP, it is better to create an .htaccess file in the wp-admin folder.
# deny access to wp admin
order deny,allow
allow from xx.xx.xx.xx
deny from all
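The rules above use the Apache 2.2 `Order`/`Allow`/`Deny` directives, which Apache 2.4 only honours through mod_access_compat. As an added example (not part of the original article), here are the same restrictions written with Apache 2.4's `Require` directives. The address 203.0.113.10 is a placeholder from the documentation range, and the wp-content extension list is an assumed set of static file types.

```apache
# --- site root .htaccess ---

# Block direct requests for .htaccess, .htpasswd and other .ht* files
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>

# Block direct requests for wp-config.php
<Files "wp-config.php">
    Require all denied
</Files>

# Disable directory listings (Apache 2.4 rejects mixing signed and
# unsigned options, so only the signed form is used)
Options -Indexes

# --- wp-content/.htaccess ---

# Deny everything in this tree, then allow only static asset types
# (assumed list; adjust to what the site actually serves)
Require all denied
<FilesMatch "\.(xml|css|jpe?g|png|gif|js)$">
    Require all granted
</FilesMatch>

# --- wp-admin/.htaccess ---

# Allow only the administrator's static IP (placeholder address);
# every other client receives 403
Require ip 203.0.113.10
```

Restricting wp-admin by IP also blocks wp-admin/admin-ajax.php, which some themes and plugins call from the public site, so test the front end after applying it.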
If you require help, contact SupportPRO Server Admin