Thanks,
Charles

In these text snippets, do we replace “?’yourdomain.com” and “!.*yourblog.com.*”
with our own domain names—or do these work as is when dropped into our .htaccess file???

Thank you,
Charles

The WP -security-scan keeps telling me there is no .htaccess in the WP-Admin dir. – so just ignore it then? Not even some basic code in there?
Jay´s last undefined ..If you register your site for free at

I now understand the renaming, but that doesn’t apply to me either, as I don’t have my own server – but yes, good tip, makes sense!
Jay´s last undefined ..If you register your site for free at

by default the filename for access control is .htaccess. This is the file that “Apache” will look up to see what restrictions are specified and then it will control the access accordingly when a client makes a request to access your site through the browser.

when you have protection in place the hackers know that it is specified in this file so they will try to attack this file so the protection can be destroyed. You can specify a different name for this access control file in the server configuration file (e.g. httpd.conf, access.conf etc) and “Apache” will look up that file instead. This way anyone from outside has no way of knowing which file to attack because they can’t guess the name of it.

Your server will have other security measures in place so this is not really necessary and in some cases not doable if you don’t have a dedicated server. This is something good to know and do it if you are running your own server from your home PC and you don’t really have a lot of other security measures in place.

Ok, good CHMOD rule.

Renaming: you mention in the last line of your article:

“Better still, you can rename the .htaccess to any other name you like

# rename htaccess files
AccessFileName ht.access”
Jay´s last undefined ..If you register your site for free at

You can put the content explained in the “Restrict Access to WP Admin directory by IP Address” section in a .htaccess file and put it in the “wp-admin” directory. You will obviously have to modify the a.b.c.d to your IP address (don’t do this if you don’t have static IP address).

Regarding file permission… here is a general rule of thumb… files should have a permission of 644 and directories should have a permission of 755

Got the following questions:
1 – I use the WP Security Scan plugin (by Semper Fi) – it tells that one thing is incorrect: “The file .htaccess does not exist in wp-admin/. ” Now, what do I put in that file? I contacted him last year, I searched all his documentation (which is lacking for this item) and that is how I ended up on your site.
2 – Do I need any other .htaccess files – if yes, where do I put them (root?), what do I put in them and what CHMOD do they get?
3 – As Mugger asked before, how do you apply the renaming? Where do you put what?