Hardening WordPress – how to set .htaccess permissions?

It might be useful to let the web server write .htaccess during initial site setup, e.g. when you’re setting up rewrite rules (as it said) or if you’re setting up a multisite network. Once you’ve done that though it no longer needs to edit the file so it would make sense to secure it the same as you would the other files in the root folder.

However if WordPress can’t write .htaccess itself then it will tell you what edits to make and give you lines to paste in, so it’s not a big deal if you don’t ever give it write access.

Related Posts:

  1. File and directory permissions
  2. Rewrite /?rest_route=/ link to /wp-json/ without changing default permalink structure in apache
  3. index.php not loading in main folder of wordpress
  4. Which WordPress scripts need to be executable for a fresh installation?
  5. Redirect from different port to subdomain – htaccess
  6. WordPress 404 on Subdomain
  7. Only expose routes with prefix /wp-json on WordPress using Apache
  8. Restricting user login by IP address
  9. What’s the opposite of required valid user in .htaccess authentication
  10. How can i redirect one url to another url using .htaccess or add_rewrite_rule
  11. Override htacces rule only for specific directory
  12. Restrict uploaded files into a custom folder to logged in users by htaccess: looking for Nginx – not only Apache – solution
  13. How do I test to ensure that my wp-config file is protected?
  14. .htaccess Security Header Rules
  15. mod_rewrite loop, redirecting http to https on certain section of wordpress blog
  16. .htaccess in subdir gets ignored by WordPress’ own .htaccess in /
  17. Directing subdomain to main domain and keeping the subdomain format with .htaccess
  18. WordPress – Promoting A Dev Build In A Subdirectory To Production / Root Directory
  19. Redirect old domain with query paramaters
  20. Does WP suppresses .htaccess if permalinks are disabled?
  21. fix 302 redirection error on https
  22. Access sub-domain when root public_html is protected with .htaccess password
  23. Accepting special characters in querystring
  24. Centos 7.2 wordpress on going to /admin shows Forbidden You don’t have permission to access /wordpress/wp-admin/ on this server
  25. WordPress permalinks confusion
  26. Configure .htaccess to have a WordPress single site installation with all subdomains pointing to the same pages?
  27. Unable leverage Browser Caching on AWS Bitnami stack (Apache) through W3TC and Cloudfront CDN
  28. How to move wordpress website from hosting account to localhost
  29. How to block wordpress admin by htaccess
  30. I can access subdirectory, but not files within it
  31. Debug errors for “Destination directory for file streaming does not exist or is not writable”
  32. WordPress redirection
  33. How To Add CSP frame ancestors in WordPress Website? [closed]
  34. Subfolder install not working
  35. Browser Caching .htaccess
  36. Getting a 500 Internal Server Error on Laravel 5+ Ubuntu 14.04
  37. .htaccess: Invalid command ‘RewriteEngine’, perhaps misspelled or defined by a module not included in the server configuration
  38. htaccess problem after saving Settings
  39. Multisite htaccess on localhost with WP as an SVN external?
  40. htaccess disable WordPress rewrite rules for folder and its contents
  41. htaccess https redirect from www to non-www
  42. Name-based virtual host configuration in Apache seems to cause a “500 Internal Server Error”
  43. WordPress Multisite – Multiple subfolders for blogs
  44. Isolating WordPress to a subfolder
  45. Error 101 after upgrading WordPress
  46. What is the role of .htaccess file in WordPress?
  47. Remove File Extension for Page Outside of WordPress
  48. different child theme for subdomain
  49. How do I edit the htaccess file to optimize my website?
  50. Block only external access to wp-cron.php on OpenLiteSpeed
  51. Site searches by Python for non-existent assets
  52. WordPress On subfolder
  53. Best way to redirect site in subdirectory to root?
  54. Missing slash after moving site to subfolder
  55. WildCard SSL with wordpress subdomain
  56. Changes to .htaccess not updating the file (old rules still take effect)
  57. How To Allow Only Specific User Agent To Access a URL?
  58. How to ignore folder in site root while accessing a URL
  59. How can I enable keep alive (Not accessing to Apache)
  60. Site loads very slowly (4-5 minute load time)
  61. HTTP sitewide, except for: wp-admin, and 2 custom directories
  62. How do I host WordPress on a hidden domain through a reverse proxy?
  63. WordPress installed in root, need second in subdirectory with different domain
  64. htaccess has broken my site
  65. TimThumb & htaccess : clean url
  66. Only Allow Front End Access
  67. .htacess rewrite condition: page to seconddomain/page
  68. 404 error Additionally 403 Forbidden error on a URL
  69. Need help rebuilding lost htaccess file
  70. I have a page using a pretty url and a mod_rewrite rule matching it. I expected it to give an error but it’s working. Why?
  71. How do I setup htaccess for 301 redirects, post Joomla to WordPress migration? [closed]
  72. How to rename index.php to home.php
  73. Strange behaviour of is_user_logged_in() and get_current_user_id()
  74. disable WordPress 404 for one specific page/folder to receive actual php errors
  75. .htpasswd asking for authentication on home page
  76. WordPress login fail after .htaccess domain redirect
  77. Redirect to new domain with .htaccess [closed]
  78. Redirect https://www.subdomain.domain.com is not redirecting to subdomain.website.com [closed]
  79. htaccess redirect throws an error: PHP Catchable fatal error: Object of class WP_Error could not be converted to string
  80. Can’t access htaccess [closed]
  81. .htaccess redirect not properly working [ ?utm_source=]
  82. Should I prevent access to .htaccess and wp-config.php files?
  83. WordPress How to rewrite URL for custom pages
  84. Downloading zip or tar.gz inside WordPress installation?
  85. Clicking PUBLISH Now Redirects to 404 PAGE NOT FOUND
  86. Unable to find ‘full-path’ to my 404.php file
  87. Use htaccess to redirect wordpress non-existent page to homepage
  88. Moved WordPress to other folder (Windows) WAMP = 403 Forbidden
  89. Rewrite /keyword1+keyword2.html to search page | .htaccess
  90. What to do after a wrong RewriteRule?
  91. Need to edit htaccess while moving on WordPress
  92. How can I create a private site that is inaccessible from the outside?
  93. Issue after changing permalink structure [duplicate]
  94. Can I redirect the http request towards an old folder to the homepage using .htaccess file? [closed]
  95. rewrite rule on plugin activation
  96. Url redirection using htacess for my website
  97. WordPress Media Library rendering blank image tiles
  98. Redirect loops in Bing holding my sites back
  99. How do I modify each instance of setcookie?
  100. Permalinks not working on debian with OVH
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)