Tag Archives: htaccess directory

How To Protect a Web Directory with .htaccess

Protecting a folder or a directory on your website is easier than you may think with htaccess.

FTP Program

It really involves one little file to be uploaded via your FTP program or https://filezilla-project.org/

Creating a .htaccess file

We need to create a dot htaccess file “.htaccess” in the directory we want to protect. The .htaccess file will affect the current folder it is in, and all sub-folders.

This method will work if you know something about your IP.

.htaccess files are a feature of Apache and similar web servers.

Finding Your IP

To findout your IP just go to a search engine and type in “what is my IP” in the search query.

You will find that by clicking anyone of those active listings the sites that provide an IP will return to you the IP you’re connecting with.

Dynamic IPs versus Static

There are some ISP’s (internet service providers) who provide a dynamic IP. This means you are allocated a differnt IP each time your ADSL modem makes a connection with your ISP. With these types of ADSL connections you will eventually need to use your proxy’s IP or enter a broader coverage of IPs that you are likely to receive from your ISP.

For example lets say you IP is shown as

Each time you’re connected you may receive any one of these IP range ie. –

In this case we will need this information to create the correct entries within our .htaccess file

Here’s the basic entries that will need to be entered in the .htaccess file, there should be no leading spaces within the htaccess file.

Order Deny,Allow
Deny from all
Allow from 123.123.123

If on the other hand your IP pool encompassed a wider range

i.e, –

Then the entrie to encode would be something like


So your overall .htaccess file would be

Order Deny,Allow
Deny from all
Allow from 123.123.122
Allow from 123.123.123
Allow from 123.123.124

This type of protection will stop any foreign IPs from even getting a peek at the directory even if they know the links.

I use this method to stop any IPs from trying to login to my login forms on my sites. This is a great way with very low overhead on the server to deter would be breakins to the backend of your wordpress sites.

It makes a lot of bots scratch their heads as to why their algorithm does not work.

Cheap and powerful way to secure a directory from external users.