using .htaccess only for wordpress security no plugins

Yes, you can use a htaccess.

In fact, I often recommend htaccess based protections over plugins because they do not depend upon PHP code or WordPress. The use a completely independent system – Apache.

The more important question is:

Do your htaccess rules protect against the threats you with to
mitigate?

Some protections may require a plugin simply because the functionality is not available through what Apache offers.

For example, many plugins attempt to block brute force attacks against your WordPress Login.

You can also achieve the same result by using HTTP Authentication.

Similarly, some plugins try to protect against code-injection, but you can also do this with Apache’s mod_rewrite.

Related Posts:

  1. Content-Security-Policy implementation with WordPress W3Total Cache plugin installed
  2. What security concerns should I have when setting FS_METHOD to “direct” in wp-config?
  3. What Are Security Best Practices for WordPress Plugins and Themes? [closed]
  4. Are WordPress Plugins essential?
  5. I found this in a plugin. What does it do? is it dangerous?
  6. What are the common security flaws I need to look for? [closed]
  7. Disabled plugins are they security holes – rumor or reality?
  8. What could a hacker do with my wp-config.php
  9. How Can I Securely Implement a Password-less Login Feature?
  10. Security and .htaccess
  11. Why “Contact Form 7” doesn’t update PHPmailer library?
  12. Are there procedures to prevent malicious plugin updates?
  13. How to stop wordpress from changing default .htaccess permissions to 444
  14. Secure WordPress paid plugin
  15. How to make media upload private? [duplicate]
  16. Does WordPress contain “default” anti-SQL injection code that responds with a 404 error?
  17. What does a security risk in a plugin look like?
  18. WordPress Capabilities: edit_user vs edit_users
  19. Should we use plugins that aren’t available from the official WordPress site?
  20. How to check plugins for malicious code?
  21. How to properly secure my WordPress installation?
  22. Why allow overriding crucial pluggable functions wp_verify_nonce and wp_create_nonce?
  23. Where should my plugin POST to?
  24. Security error WP 4.0 + WP phpBB Bridge [closed]
  25. Should I install plugins to my WordPress installation from web sites having in URL “nulled” or, “null”?
  26. Disabled plugins are security holes – rumor or reality?
  27. Can I ignore caching of a plugin in W3 Total Cache? [closed]
  28. Why am I sometimes getting a 404 error when I try to update a page with Elementor?
  29. Should I use RIPS tool to test my themes and plugins?
  30. Prevent Brute Force Attack
  31. Why users disable the WordPress update?
  32. How many security plugins are too many? [closed]
  33. Will WordPress username displayed somewhere in the site?
  34. Upgrading WordPress 4.0 asks for FTP password
  35. Is revealing just the AUTH_KEY a security issue?
  36. How Restrict access to admin dashboard by specific static ip?
  37. Error Message from W3 Total Cache when .htaccess Rules Cannot Be Modified? [closed]
  38. When is it useful to use wp_verify_nonce
  39. Protecting against malicious code in WordPress plugin updates
  40. Questions about brute force attacks on the admin username, coming from amazon IP addresses
  41. Specific way to allow WordPress users to view their current password? And edit it?
  42. Too many login attempts
  43. Is there any pre-existing plugin to track and block IPs with suspicious activity on my site?
  44. How to prevent plugins from sniffing/stealing other plugins’ options?
  45. “W3 Total Cache” with “What Would Seth Godin Do” (and widgets?!)? [closed]
  46. Website show Google Ads when we have no Google Ads linked to our website
  47. Vulnerability Concern From the Plugin or From Not Updating the Plugin?
  48. How to add support for caching plugins for my own plugin?
  49. Custom API plugin to execute 3rd party API to retrieve data
  50. How to deal with Slow HTTP POST (slowloris) vulnerability
  51. Running multiple security plugins
  52. how do I secure my WP website from hackers? [closed]
  53. Chrome Dev Tools console says every page in my blog has link to http://maps.google.com [closed]
  54. Object Caching Plugin force every plugin to cache objects?
  55. Webservice credential storage [duplicate]
  56. Regarding plugin security
  57. How do I determine if the user who registered is not spam?
  58. If I use an alternative login (e.g. CAS or other SSO) plugin, is my site protected from the recent brute force login attempts?
  59. Is this plugin safe to run?
  60. Sociable buttons displaying seemingly at random [closed]
  61. W3 Total Cache Help – How to update DNS Zone for a static domain [closed]
  62. Is the Block Bad Queries Plugin Still Relevant?
  63. WP Insert Post If user refreshes override new post
  64. 404 errors when updating options in admin dashboard
  65. What archive plugin works with W3 total cache? [closed]
  66. Website Captcha Error: The reCAPTCHA wasn’t entered correctly
  67. Hide plugins and theme from public
  68. WordPress search shows protected content
  69. Security of a WordPress Plugin
  70. Can I disable xml-rpc by setting it to false?
  71. How can I disable new plugin and theme install, but allow updates?
  72. Memcaching recurring SQL Queries
  73. Help to Create a Simple Plugin to make a post
  74. Validating ajax search
  75. WordPress disable direct access of files in WordPress installation path
  76. Asking help regarding potential malware
  77. prevent anonymous access to WordPress site (non-admin site)
  78. My wp database has been hacked
  79. How can I disable W3 Total Cache Image Lazy Load for Specific Post Type?
  80. Bing/msn bots is heavily requesting random of my website
  81. “Fire Secure” menu item
  82. Securing a plugin pop-up window
  83. https rewrite not working for All in one security Brute force > rename login url
  84. WordPress Dashboard shows no plugins installed!
  85. Redux framework somehow added to my site, can’t locate in plugins
  86. Primary Menu doesn’t show because of w3 cache
  87. Being hacked. Is there a list of WordPress security holes I can check against?
  88. wp_verify_nonce fails always
  89. How can i see/log all requests coming from a registration form (not from the UI)?
  90. Write mysql credentials in plugin
  91. Site is continuously accessing by several IPs
  92. w3 total cache and post__not_in
  93. W3 Total Cache Can’t Really Detect Things
  94. Validating values using Settings API?
  95. SWF in wordpress post
  96. Unwanted Links and Spam WordPress Pages and Posts
  97. Problem with permissions in wp-content/plugins
  98. W3 Total Cache and IIS7 not doing much [closed]
  99. File permissions for wp-minify plugin
  100. What is the recommended way to be notified of security updates to my plugins? [closed]
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)