How to Stop Access to Sensitive Files of Your WordPress Website

How to Stop Access to Sensitive Files of Your WordPress Website

Just a few days ago, one of our clients had to face a hard time when his website got injected with some malicious code; it happened because of the poor security.

Most of the WordPress users neglect the vulnerabilities, which may turn into a backdoor, and hackers always look such a space to inject code.

You may be wondering how can someone come to know whether your website has any vulnerability or not. Well, automotive bots run the scripts, and if they find a chance to create a backdoor on your site, they hack it.

The hacking process is complicated to grasp. Instead, you should focus on hardening your website’s security. Adding more and more security layers is a plus point.

As you know, WordPress has some sensitive files, which can break the whole website, it’s essential to secure such files.

Core files like .htaccess, wp-config.php, and more play a vital role. The wp-config.php is responsible for making a connection between your website’s data and its database, and if something goes wrong, your site can’t remain intact.

Secure the Most Important WordPress Core Files

If you go through any WordPress forum, you can find people pleading how their website isn’t working, someone injects code in any of the files, the database doesn’t work, and more.

I hope you don’t want to be in a situation where you need to deal with a hard time. I understand how hard it is to build a website, and you too.

Losing the content takes only a few minutes, writing it requires years. I am going to walk you through a simple process to harden the security, so that authorized users can’t access sensitive files.

Follow the steps.

Step 1:

Login to cPanel and search for the file manager icon. In most of the cases, you can see an icon along with other files, but a few companies have a different system.

I am sure, you have tried Hostinger, options are similar, but the layout of cPanel is entirely different than the classic design.

How to Stop Access to Sensitive Files of Your WordPress Website

If you use Bluehost, the design is in blue, which is because to keep the brand value, Bluehost uses the same color everywhere.

So, no worries, find the file manager and open it.

Step 2:

If you host only one domain on your web hosting server, you need to open the public_html folder, where all of your core files and folders are available.

But if you run multiple domains on the same server, you may in need to look for the specific folder in the root directory.

How to Stop Access to Sensitive Files of Your WordPress Website

Click on public_html from the vertical left-hand sidebar, and you can see WordPress files.

Search for the .htaccess file and right-click to edit.

Note: You need to add code to .htaccess, which can protect all of your sensitive files.

If you don’t find the .htaccess file, you have go to Settings at the top-right corner of the screen, and check to box to display hidden files.

How to Stop Access to Sensitive Files of Your WordPress Website

Step 3:

Now a popup displays, from which you need to click on the Edit button to authenticate that you are sure about editing the .htaccess file.

How to Stop Access to Sensitive Files of Your WordPress Website

Step 4:

You can see a new tab having many coding lines. You need to copy and paste the code between #Start WordPress and #End WordPress.

<FilesMatch "^.*(error_log|wp-config.php|php.ini|.[hH][tT][aApP].*)$">
Order deny,allow
Deny from all
</FilesMatch>

You may be wondering what this code does.

Well, as you can see, it has wp-config, error log, PHP.ini, and .htaccess, which means the code prevents all of these files from accessing by any other user.

Note: Backup the .htaccess file before making any changes so that if something goes wrong with your website, you revert to the old .htaccess file.

And it’s necessary to back up your whole website and its database. Sometimes, coding doesn’t match with other redirects.

Having a backup secures you from losing your data, and you can restore it anytime you want.

Isn’t it So Simple to Protect Your Website’s Sensitive Files

if you have noticed, most of the time, you require the wp-config.php and .htaccess files to increase the default file upload limit, set up a direct, and more.

The PHP.ini file also plays a vital role. If you’re a techie person, you may know how simple it is to fix the maximum execution time exceeded error using PHP.ini.

Conclusion

Knowing the importance of all sensitive files is essential for a WordPress user. I remember when I deleted the wp-config.php in my starting days, it was an honest mistake, and my 2 days of hard work was gone.

I was in luck, but you might not be. So, be prepared to have the back and secure such files using .htaccess. I hope, it’s an easy task.

Check out these top 3 cPanel hosting services:

Hostinger
£2.34 /mo
Starting price
Visit Hostinger
Rating based on expert review
  • User Friendly
    4.7
  • Support
    4.7
  • Features
    4.8
  • Reliability
    4.8
  • Pricing
    4.7
HostArmada
£1.95 /mo
Starting price
Visit HostArmada
Rating based on expert review
  • User Friendly
    4.5
  • Support
    4.5
  • Features
    4.5
  • Reliability
    4.5
  • Pricing
    4.0
FastComet
£1.40 /mo
Starting price
Visit FastComet
Rating based on expert review
  • User Friendly
    4.7
  • Support
    5.0
  • Features
    4.8
  • Reliability
    4.5
  • Pricing
    5.0

How to Disable File Editing in the WordPress Admin Panel

This how-to guide explains to stop file editing from the WordPress admin panel t
3 min read
Arvind Singh
Arvind Singh
Hosting Expert

How to Block a Country from Your WordPress Website Using cPanel

This how-to guide explains the best possible way to block specific country users
3 min read
Arvind Singh
Arvind Singh
Hosting Expert

How to Disable the XML-RPC WordPress File Using cPanel

This how-to guide teaches you to disable the XML-RPC WordPress file to reduce th
3 min read
Arvind Singh
Arvind Singh
Hosting Expert

How to Block Hackers Using cPanel From Scanning Your Website's Authors

This how-to guide helps you understand the concept of protecting authors' names
3 min read
Arvind Singh
Arvind Singh
Hosting Expert
HostAdvice.com provides professional web hosting reviews fully independent of any other entity. Our reviews are unbiased, honest, and apply the same evaluation standards to all those reviewed. While monetary compensation is received from a few of the companies listed on this site, compensation of services and products have no influence on the direction or conclusions of our reviews. Nor does the compensation influence our rankings for certain host companies. This compensation covers account purchasing costs, testing costs and royalties paid to reviewers.
Click to go to the top of the page
Go To Top