Deny access to .htaccess and other hidden files

There are many security guides that recommend protecting your hidden files (.htaccess, .htpasswd etc.) with .htaccess rules.

To protect your hidden files, add this snippet to your site's main .htaccess file.

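# Deny access to hidden files - files that start with a dot (.)
<FilesMatch "^\.">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>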

If you are using a VPS or dedicated server, you can add this code to the /home/.htaccess file, so that it protects hidden files on all the sites.

Note that you will still be able to edit the files via FTP or the control panel File Manager.
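To check which dotfiles in a document root the rule actually covers, the following audit script can be run on the server's filesystem. It is an added example, not code from the original post; the function names and the sample directory layout are constructed, and it assumes Python's `re` behaves like Apache's regex engine for simple patterns such as `^\.`.

```python
import os
import re
import tempfile

# A <FilesMatch "regex"> ... </FilesMatch> block: captures the regex and the body.
BLOCK = re.compile(r'<FilesMatch\s+"?([^">]+)"?\s*>(.*?)</FilesMatch>', re.I | re.S)
# Deny-everyone directives: Apache 2.2 style and Apache 2.4 style.
DENY = re.compile(r'^\s*(Deny\s+from\s+all|Require\s+all\s+denied)\s*$', re.I | re.M)
# The rule from this page, as it would appear in .htaccess.
PAGE_RULE = '<FilesMatch "^\\.">\nOrder allow,deny\nDeny from all\n</FilesMatch>\n'


def deny_patterns(htaccess_text):
    """Return the compiled regex of every FilesMatch block that denies all access."""
    text = re.sub(r'^\s*#.*$', '', htaccess_text, flags=re.M)  # drop comment lines
    return [re.compile(rx) for rx, body in BLOCK.findall(text) if DENY.search(body)]


def audit(docroot):
    """Split the dotfiles under docroot into (covered, exposed) relative paths.

    Only the .htaccess at the top of docroot is read; per-directory overrides
    and the main server configuration are outside the scope of this check.
    """
    rules, path = [], os.path.join(docroot, ".htaccess")
    if os.path.isfile(path):
        with open(path) as fh:
            rules = deny_patterns(fh.read())
    covered, exposed = [], []
    for folder, _dirs, files in os.walk(docroot):
        for name in (f for f in files if f.startswith(".")):
            rel = os.path.relpath(os.path.join(folder, name), docroot)
            # <FilesMatch> is tested against the file's basename, not its path.
            hit = any(rule.search(name) for rule in rules)
            (covered if hit else exposed).append(rel.replace(os.sep, "/"))
    return sorted(covered), sorted(exposed)


def demo(rule_text):
    """Audit a constructed document root whose .htaccess contains rule_text."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "admin"))
        for rel in (".htpasswd", "index.html", "admin/.htpasswd"):
            open(os.path.join(root, rel), "w").close()
        with open(os.path.join(root, ".htaccess"), "w") as fh:
            fh.write(rule_text)
        return audit(root)
```

Call `audit()` with a real document root to list any dotfiles that no deny rule in its top-level .htaccess matches.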


This Post Has One Comment

  1. Nigel Horne

    That blocks access to .well-known and therefore breaks Let's Encrypt.
