How can you access htaccess

What a WordPress directory protection for?

As a rule, all areas of your website should be accessible to everyone, but there are exceptions: You may want to protect your login area additionally or you store data on your web space that not everyone should access. If you want to make parts of your site inaccessible, you need directory protection. This ensures that the Access to specific areas the website only after a password query is possible. You can set up such a directory protection for WordPress via the .htaccess file.

What is .htaccess for WordPress?

A .htaccess file is a configuration filethat can be created and edited using a simple editor (e.g. the editor for Windows). To set up directory protection with the .htaccess file, add additional lines of code. We therefore recommend editing the directory protection only to users with a basic knowledge of web design.

Tutorial: Enable WordPress Directory Protection

To open an existing .htaccess file, you need to access your web space via FTP. There you should see the file directly in the top directory of the WordPress installation Find. If the file is not available for any reason, you can create .htaccess yourself for WordPress. Using a text editor, you can simply create a new file that you .htaccess call. Make sure that this file does not have a file extension such as .txt Has.

Edit the .htaccess file

Regardless of whether you have created a new file or are accessing an existing .htaccess, you have to insert the following code into the file:

In order for the directory protection to work, you have to change the following things:

  1. You can choose the type of authentication basic left. All browsers can handle this setting.
  2. You are free to choose the name for the protected area.
  3. You need to specify where to find username and password information. The absolute path is necessary for this, which you can usually see in the customer account with your hosting provider. If you do not put the corresponding file in the root directory, you must also include the other directory structure in the path.
  4. Finally, you define the user names of the accesses, which are also listed in the password file. If you want to create several users, you can separate them with a space.

To the absolute path You can also use a trick to find out. To do this, create a PHP file with the following content:

You can freely choose the file name. Upload the file to your web space, exactly in the folder that should also contain the password file. After the upload, open the file in the browser. You should now be able to see the absolute path to this folder. Then simply delete the file again.

Create a password file (.htpasswd)

In order for your WordPress directory protection to work, you also need a second file called .htpasswd, in which you can then save the Credentials deposit. You can also easily create this file using a text editor. Then enter the user name and password in the file according to this scheme:. If several users are to have access to the protected area, create a separate line for each user.

The password should definitely stored in encrypted form become. You can find numerous generators for encryption on the Internet. It is important that you do not use a password generator. This only gives you a secure password in clear text. You need a hash generator that encrypts the secure password using a certain mathematical method (e.g. SHA-1). You can also search directly for a generator for the .htpasswd file. Such websites usually give you the correct syntax including user names directly (e.g. Enter the encrypted value in the file. Your entry could look like this:

You then load both files onto the web space. As soon as the upload is finished, the directory protection should be functional. When uploading, make sure that the file with the user information is actually in the directory that you specified in the .htaccess. Danger: They always protect the directory in which the .htaccesss file is located. So if you use the root directory, any access to your website is only possible by entering a password. If you only want to protect a specific directory, save the file in the appropriate folder. It is common, for example, to secure the wp-admin directory via .htaccess.

Authentication window due to active WordPress directory protection

Advantages of .htaccess for WordPress

With the .htaccess file you can create additional protection for your WordPress website. Even if no measure can offer 100% protection against hacker attacks, you should as many hurdles as possible build up. If you have forgotten your login data, you can simply replace the .htpasswd file with a new one.

  • You decide which folders can be used for directory protection.
  • The backup works at the server level.
  • You don't leave directory protection to the CMS alone.