A .htaccess (hypertext access) file is a directory-level configuration file, supported by several web servers, that allows decentralized management of web server configuration. These files are placed inside the web tree and can override a subset of the server's global configuration for the directory they are in and all of its subdirectories.
The .htaccess file accepts a limited subset of what the Apache server's configuration file, httpd.conf, accepts. It is typically located in the WordPress installation folder. It provides a means to restrict access on a per-directory level. The advantage is that the .htaccess file is read on every request, so changes made here take effect immediately and do not require a server restart, as modifying the httpd.conf file does. The disadvantage is that, because it is read on every request, there is a small performance hit. When practical, it is preferable to modify the httpd.conf file.
Now that you're familiar with what the .htaccess file is, this is a partial list of some of the things it can do.
This is quite a lot, so for today we are going to do something simple and learn how to restrict access to the contents of your web folders.
To see if your web site is exposed, type the following into your web browser:
"http://yourwebsite.com/wp-includes/" (replace yourwebsite.com with your actual website). As long as you have a standard WordPress installation, you should see one of two things
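# Prevent folder browsing
# Written without a leading "All": Apache 2.4 rejects an Options line that mixes prefixed (+/-) and unprefixed keywords.
Options -Indexes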
Now, if you enter the /wp-includes/ directory in your browser, you will get a 404 error.
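The browser check described above can be scripted so that it is repeatable after every configuration change. The following Python script is an added example, not part of the original article; the directory list, the function names and the "Index of /" pattern (the title of Apache's default listing page) are assumptions to adjust for your own site.

```python
import re
import sys
import urllib.error
import urllib.request

# Standard WordPress directories that ship without an index file of their own
# (assumed list; adjust to your installation).
WP_DIRS = ["/wp-includes/", "/wp-content/uploads/"]

# Apache's auto-generated listing pages carry an "Index of /path" title.
LISTING_RE = re.compile(r"<title>\s*Index of /", re.IGNORECASE)


def classify(status, body):
    """Map one HTTP response to 'listing', 'blocked' or 'other'."""
    if status == 200 and LISTING_RE.search(body):
        return "listing"   # directory browsing is still enabled
    if status in (403, 404):
        return "blocked"   # 403 or 404, depending on host configuration
    return "other"         # e.g. an index file was served instead


def fetch(url, timeout=10):
    """Return (status, body); HTTP error statuses are returned, not raised."""
    req = urllib.request.Request(url, headers={"User-Agent": "listing-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read(65536).decode("utf-8", "replace")


def check_site(base_url, dirs=WP_DIRS, fetcher=fetch):
    """Check each directory under base_url; returns {path: classification}."""
    base = base_url.rstrip("/")
    return {d: classify(*fetcher(base + d)) for d in dirs}


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_listing.py http://yourwebsite.com")
    results = check_site(sys.argv[1])
    for path, result in results.items():
        print(f"{result:8} {path}")
    # Non-zero exit when any directory still lists its contents.
    sys.exit(1 if "listing" in results.values() else 0)
```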
Preventing directory browsing is just the first step in securing your web site. I will be posting further articles on this subject as time permits.