Category Archives: Website Security

How to exclude a sub-folder from WordPress control?

How to exclude a sub-folder from WordPress control?

Here is a quick fix for those who have come across this problem and looking for a solution to stop WordPress from redirecting.

If you have WordPress website with a sub folder that needs to be outside the control of WordPress then this little fix will get rid of your headache.

This requires editing the .htaccess file either from your ftp account/cpanel or via the WordPress dashboard with admin login. If you don’t know how to edit your .htaccess file from within your WordPress then search for plugins that allow you to edit this file.

It is a simple change and most websites have already a default .htaccess file.
Within the htaccess file locate the following code:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress

Change the following line from this

RewriteRule . /index.php [L]


RewriteRule ./ /index.php [L]

and that is pretty much all you need to do. It was a life saver for me.
I wanted to use this so that I can password protect a private use folder.
I use this particular folder to store personal documents that I can view from any place or computer and I need to provide valid user login details.
If you’re using CPANEL you can set this up in the “Directory Privacy” icon.

Have a great day!


How To Protect a Web Directory with .htaccess

Protecting a folder or a directory on your website is easier than you may think with htaccess.

FTP Program

It really involves one little file to be uploaded via your FTP program or

Creating a .htaccess file

We need to create a dot htaccess file “.htaccess” in the directory we want to protect. The .htaccess file will affect the current folder it is in, and all sub-folders.

This method will work if you know something about your IP.

.htaccess files are a feature of Apache and similar web servers.

Finding Your IP

To findout your IP just go to a search engine and type in “what is my IP” in the search query.

You will find that by clicking anyone of those active listings the sites that provide an IP will return to you the IP you’re connecting with.

Dynamic IPs versus Static

There are some ISP’s (internet service providers) who provide a dynamic IP. This means you are allocated a differnt IP each time your ADSL modem makes a connection with your ISP. With these types of ADSL connections you will eventually need to use your proxy’s IP or enter a broader coverage of IPs that you are likely to receive from your ISP.

For example lets say you IP is shown as

Each time you’re connected you may receive any one of these IP range ie. –

In this case we will need this information to create the correct entries within our .htaccess file

Here’s the basic entries that will need to be entered in the .htaccess file, there should be no leading spaces within the htaccess file.

Order Deny,Allow
Deny from all
Allow from 123.123.123

If on the other hand your IP pool encompassed a wider range

i.e, –

Then the entrie to encode would be something like


So your overall .htaccess file would be

Order Deny,Allow
Deny from all
Allow from 123.123.122
Allow from 123.123.123
Allow from 123.123.124

This type of protection will stop any foreign IPs from even getting a peek at the directory even if they know the links.

I use this method to stop any IPs from trying to login to my login forms on my sites. This is a great way with very low overhead on the server to deter would be breakins to the backend of your wordpress sites.

It makes a lot of bots scratch their heads as to why their algorithm does not work.

Cheap and powerful way to secure a directory from external users.