.htaccess is a document that controls access to different files and folders on the website, as well as the website overall. When accessing the page that is blocked in .htaccess, user will see a service page with a 404 error code.
How to edit .htaccess
- Log into cPanel
- On the dashboard, click on File manager.
- Go to the public_html folder.
- By default, .htaccess is hidden. So click the Settings button and check the Show hidden files (dotfiles) mark.
- Now click on .htaccess and click Edit.
- After you are done with the file, click on Save changes.
How to deny access to the website for everyone
In order to completely deny access to the website,add the following lines to the .htaccess
deny from all # Denies access to the website for all IPs
How to allow access to the website for only some IPs
In order to completely deny access to the website for all IPs but some, add the following lines to the .htaccess
order deny,allow # Sets the order for the execution of the commands. Right now, allow is executed after deny. deny from all # Denies access to the website for all IPs allow from XXX.XXX.XXX.XXX # Allows access for the mentioned IPs. If there are more then one, separate them with a spacebar.
How to deny access to the website for only some IPs
In order to deny access to the website for some IPs, add the following lines to the .htaccess
deny from XXX.XXX.XXX.XXX # Denies access for the mentioned IPs. If there are more then one, separate them with a spacebar.
How to control access to a single file
If you want different files and folders to have different access settings, you can use the <Files> command. For example, in order to deny access to wp-config.php for everyone but you, add the following lines to the .htaccess
<Files wp-config.php> order deny,allow # Sets the order for the execution of the commands. Right now, allow is executed after deny. deny from all # Denies access to the website for all IPs allow from XXX.XXX.XXX.XXX # Allows access for the mentioned IPs. If there are more then one, separate them with a spacebar. </Files>
You can lock down the .htaccess the same way:
<Files .htaccess> order deny,allow # Sets the order for the execution of the commands. Right now, allow is executed after deny. deny from all # Denies access to the website for all IPs allow from XXX.XXX.XXX.XXX # Allows access for the mentioned IPs. If there are more then one, separate them with a spacebar. </Files>