Top 5 Security Scripts for Your Website in .htaccess
Protect your website using five powerful .htaccess security scripts. From blocking malicious IPs to preventing hotlinking, secure your site with these essential configurations.
The .htaccess file is a powerful configuration tool for securing your website. Here are 5 essential scripts you can add to your .htaccess file to enhance your site’s security.
1. Block Specific IP Addresses
Prevent malicious users or bots from accessing your site by blocking their IPs.
order allow,deny
deny from 192.168.1.100
deny from 203.0.113.0/24
allow from all
Why Use It?
This script blocks access to your website from specific IP addresses or IP ranges. It’s useful when you identify suspicious activity from certain IPs, such as brute-force attacks, spamming, or scraping bots. By denying access, you reduce the risk of attacks from known malicious sources.
2. Prevent Hotlinking
Stops other websites from stealing your images and bandwidth.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https://(www\.)?yourdomain.com/.*$ [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [F]
Why Use It?
Hotlinking occurs when other websites directly link to your images, consuming your bandwidth without permission. This script blocks external sites from embedding your media files, protecting your server resources, and ensuring your website loads faster for legitimate visitors.
3. Disable Directory Browsing
Prevents users from viewing files in directories that don’t have an index file.
Options -Indexes
Why Use It?
Without this rule, visitors can see a list of files in directories without an index file, potentially exposing sensitive information. Disabling directory browsing hides your file structure, reducing the risk of data leaks and making it harder for hackers to find vulnerabilities.
4. Protect .htaccess and Other Critical Files
Ensure attackers can’t access your .htaccess or configuration files.
Order Allow,Deny
Deny from all
Why Use It?
Your .htaccess file contains critical security settings. If an attacker accesses it, they could exploit your configurations. This rule blocks external access to .htaccess and similar files, preventing unauthorized users from viewing or modifying sensitive data.
5. Enable HTTPS (Force SSL)
Redirect all HTTP traffic to HTTPS for better security.
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://yourdomain.com/$1 [R=301,L]
Why Use It?
This script forces all website traffic to use HTTPS, ensuring encrypted communication between your site and visitors. HTTPS protects sensitive data (like login credentials and payment information) from being intercepted, improving security and SEO rankings.
