If you are a webmaster and play with making websites and maintaining them then your first preference should be the security and privacy of source files, just like I am running techiesouls and I don’t want its design to be ripped and see someone using It unless I release and let others use it. I mean this is one of the worst feeling a webmaster can have or you never want your website hacked in any way .htaccess is a very easy way to keep your self away from this type of problems other than security commands I’ll be explaining some usable commands as well which are better to use.

Some htaccess commands are really useful and must have for a webmaster or we can say bloggers if they are hosting their own blogs. Today I am sharing some of htaccess commands which I am using and I think everyone of you should know about them.

Starting one by one with little description so its easy for you to know which command do what in result:

First of all for those who don’t know where is .htaccess file and how to edit it .htaccess file is always on your root directory where your main index file is placed if there is no .htaccess file then make one if there is already then just press edit with your online editor or download it to your pc and open it simply with notepad edit save and upload again on your website root.

Protecting .htaccess file (security)

First of all protect your .htaccess file so no one can edit it in anyway you have to first make it un accessible. This command is recommend to every webmaster.

# Protect .htaccess file
<files .htaccess>
order allow,deny
deny from all
</files>

Disable Directory Browsing (security)

If you set up a blog or any sort of website the first thing you should do is to disable the directory browsing at all so no trespasser can access any file by just accessing a folder on your site without index file, this way any one will be able to download whatever there is like images html files design files or anything that is placed out of your index folders see screenshot on top of the post.

# Disable directory browsing
Options All –Indexes

Limit Upload File Size (security)

Limit upload size so no one having bad intensions can upload heavy scripts which can take your site down in no time even if he cracked & accessed your account detail in someway.

# Limit upload size to 10mb per file
LimitRequestBody 10240000

Make Sensitive Files like wp-config.php Unaccessible (security)

If you are using wordpress then you should make your wp-config.php private so no one can access your mysql DB username, password and database name accessing to this information can make hacker work even more easier and he’ll access your database with ease which you surely don’t want to, Other than wordpress any other platform where a file is having information like this Database name, database username and password should be prohibited to access just change the file name in following command if its on root of your website.

# Protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all
</files>

Custom 404, 403, 500 Pages (usability)

This is more of a usable command, if you are looking to make custom 404 not found, 403 forbidden and 500 error pages then following command is what you are looking for just put custom php files with filenames in command and put them in your website root and you are good to go.

# Custom 404 403 and 500 pages
ErrorDocument 404 /notfound.php
ErrorDocument 403 /forbidden.php
ErrorDocument 500 /error.php

Prevent Image Hotlinking and Save Bandwidth (usability)

If you have limited bandwidth and if you have a lot of bandwidth and every month all bandwidth got drained in the last of month then one of the reasons can be some websites are hotlinking your images to prevent this problem you can use following command it will then prevent direct linking of images hosted on your domain and replace the hotlinked image with some error image you have to put on root of your website, it can be showing some error message or forbidden message its upto you.
Here “yourdomain” is name of you website just replace it with yours and error_image.gif is image that will show in the place of actuall hotlinked image. (make error image light enough to resolve bandwidth issues)

# Disable hotlinking of images and replace them with error image
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com/.*$ [NC]
#RewriteRule \.(gif|jpg)$ – [F]
#RewriteRule \.(gif|jpg)$ http://www.yourdomain.com/error_image.gif [R,L]

Block Reffered Traffic (usability)

This is a command that someday come useful for any webmaster as we know social bookmarking websites are penetrating in any field of web, if you ever encountered or listened about dig effect when more than enough (enough that you cant imagine) traffic is derived to your page from dig, this is when your page got enough digs to show up on digg’s front page then hell lota traffic will be there at your step shared servers normally cant handle that much amount of traffic it can cause huge server load which any webhosting wont be willing for shared server so they suspend or temporarily disable the website having massive load. The following command is to block traffic from referring site you mention like dig.com.

# Block reffered traffic
RewriteEngine on
RewriteCond %{HTTP_REFERER} digg\.com [NC]
RewriteRule .* – [F]

Block User Access By IP (usability)

This command is to block website access from a specific IP if you know some buy is’t good for your website if you received threats, spamm or any sort of unusual activity from an IP you can simply block its access with this command.

# Block Access by IP
order allow,deny
#deny from 000.000.000.000
allow from all