Deny Access to Your .htaccess File

There is a file inside your hosting account known as a .htaccess file. This file, which is named as an extension only (notice the dot before the name), can affect the way the web server handles your website. It can power webpage redirects and rewrites, password-protected directories, IP address blocking, and much more.

Some commands that are run in your .htaccess file use the absolute path to the file system of your account. That means that instead of using the relative path (your URL), it uses something like this:

/home/username/public_html/

That is the path on the server, to your account and files.

Some web server configurations will not deny access to this file. This can be a problem. If your .htaccess file is accessible to a browser, anyone can view it. Depending on what you have in the file, you could be showing the world your control panel username, as well as paths leading to hidden files and directories. So how do you stop that from happening?

Protect Your .htaccess File

Open your .htaccess file. At the top of the file, add this code:

<files .htaccess>
order allow,deny
deny from all
</files>

Save the file and you’re done.

The code you’ve added will prevent access to your .htaccess from anyone trying to view it. The server can still interpret the file as it normally would, but now the outside world is unable to view it. This is a good thing, as there is no reason for someone to need to view your .htaccess file.

If the file exists, try loading it in your browser. If you can’t load it, you’re good to go. If you can load it, add the code above to stop access. You can also change the permissions of the file to 0644 to prevent anyone other than the file's owner from writing over the file.
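
The order/deny directives shown earlier are the Apache 2.2 access-control syntax; on Apache 2.4 they only work when mod_access_compat is loaded, and the native form is Require all denied. The variant below is an added example, not part of the original article: it works on either version and goes slightly beyond the article by matching every file whose name starts with .ht, so a .htpasswd file in the same directory is covered too.

```apache
# Added example: version-aware replacement for the <files .htaccess> block.
# Place at the top of .htaccess (or in the server/vhost configuration).

# Apache 2.4 and later: mod_authz_core provides "Require".
<IfModule mod_authz_core.c>
    <Files ".ht*">
        Require all denied
    </Files>
</IfModule>

# Apache 2.2: mod_authz_core does not exist, so fall back to
# the older Order/Deny directives used in the article.
<IfModule !mod_authz_core.c>
    <Files ".ht*">
        Order allow,deny
        Deny from all
    </Files>
</IfModule>
```

When used inside .htaccess, the server's AllowOverride setting must permit these directives (AuthConfig for Require, Limit for Order/Deny); if it does not, requests to the directory return a 500 error and the block belongs in the main server configuration instead.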
