More .htaccess tips
Reviewedbyfl
Markdown ↓More .htaccess tricks.
Discover additional .htaccess techniques including WordPress protection, file extension blocking, custom error pages, and IP-based access control on fortrabbit.
Tip: Comment your .htaccess file
Apache directives with regular expressions tend to look gibberish. Make sure to comment what you have been doing so you can understand it later.
Block all common WordPress files
<Location ~ "(wp-login\.php|wp-comments-post\.php)$">
Order allow,deny
Deny from all
</Location>
Limit WP Admin to an IP if possible
<Files wp-login.php>
Order deny,allow
Deny from all
Allow from <YOUR IP>
</Files>
Block specific file extensions
# Archives you probably don't want to expose
<FilesMatch "\.(bz2|gz|zip)$">
Order allow,deny
Deny from all
</FilesMatch>
Allow access only for you
You may want to prevent accessing your website for anyone except your company. If your company has a fixed IP, you can use .htaccess to only allow traffic from that IP or range of IPs. See IP blocking for more advanced techniques.
### 1st deny all
ErrorDocument 403 "Not Allowed"
Deny from all
### 2nd Allow your IPs
Allow from 11.11.11.11
Allow from 12.12.12.12
An alternative to this is to use a password check with HTTP Auth.
Custom error pages
You can define custom pages to make your error pages look more polished like so:
ErrorDocument 404 /404.html
This has to be a publicly accessible URL. You can do this with 4XX and 5XX errors. When using a framework or CMS likely the router will catch such errors and use PHP logic to resolve it, still some 5XX errors might appear before the program can execute the router.