How to Secure Your Website with .htaccess via cPanel


Introduction:
Your website may look great and function smoothly, but without proper security, it’s vulnerable to attacks, data breaches, and malicious bots. The .htaccess file is a powerful configuration file used by Apache servers to control security, access, and redirects — all from within your hosting environment.
In this guide, you’ll learn how to access, edit, and apply essential security rules using the .htaccess file in cPanel.

Prerequisites:
1. cPanel access for your hosting account.
2. Basic understanding of file paths (e.g., public_html).
3. Your domain must be hosted on an Apache-based web server.

Step 1:
Log in to your cPanel account using your credentials.

Step 2:
1. In the Files section, click on File Manager.
2. Navigate to your website’s root directory, typically public_html.
3. Click on Settings (top-right corner) and make sure “Show Hidden Files (dotfiles)” is checked.

Step 3:
1. Look for the file named .htaccess.
2. If it doesn’t exist, click + File at the top and create a new file named .htaccess.
3. Right-click on the .htaccess file and select Edit to open the code editor.

Step 4:
Add Security Rules
Below are some commonly used .htaccess security configurations:
A. Block Specific IP Addresses
Prevent known malicious IPs from accessing your website:

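# No <Limit> wrapper, so the block applies to every HTTP method, not only GET and POST.
# On Apache 2.4 these directives are provided by mod_access_compat.
Order Allow,Deny
Allow from all
Deny from 123.45.67.89
Deny from 98.76.54.0/24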


B. Password Protect a Directory
Add a login requirement to a sensitive folder:

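# Basic authentication sends the password with every request, so use it over HTTPS only.
AuthType Basic
# The realm name must be in plain double quotes; typographic quotes cause a 500 error.
AuthName "Restricted Area"
# Keep the password file outside public_html so it cannot be downloaded.
AuthUserFile /home/yourcpaneluser/.htpasswd
Require valid-user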


C. Prevent Image Hotlinking
Stop other websites from using your images directly:

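RewriteEngine On
# Allow requests that carry no Referer header.
RewriteCond %{HTTP_REFERER} !^$
# Allow requests referred from your own site; dots are escaped and the host name is anchored.
RewriteCond %{HTTP_REFERER} !^https://(www\.)?yourdomain\.com(/|$) [NC]
# Return 403 Forbidden for image requests referred from anywhere else.
RewriteRule \.(jpg|jpeg|png|gif)$ - [F,NC]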

D. Force HTTPS (Redirect HTTP to HTTPS)
Ensure your visitors always use a secure connection:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R=301,L]

E. Disable Directory Browsing
Hide your directory contents if no index file exists:

Options -Indexes

Step 5:
1. Click Save Changes after adding your security rules.
2. Refresh your website and test each function (e.g., HTTPS redirect, directory protection).
3. If you encounter a 500 Internal Server Error, double-check syntax and restore from your backup.
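
Rules pasted from a web page can carry typographic quotes or dashes, access rules wrapped in <Limit>, or unescaped dots in a Referer pattern. The following Python check is an added example, not part of the original guide; the function name, finding codes, and sample rules are constructed for illustration, and it flags those three problems in a .htaccess file's text before you save it.

```python
import re

# Constructed sample: rules as they can look after copy/paste from a web page.
SAMPLE = """\
<Limit GET POST>
Order Allow,Deny
Allow from all
Deny from 203.0.113.7
</Limit>
AuthName \u201cRestricted Area\u201d
RewriteCond %{HTTP_REFERER} !^https://(www.)?yourdomain.com [NC]
RewriteRule \\.(jpg|png)$ \u2013 [F,NC]
Options -Indexes
"""

SMART = re.compile("[\u2018\u2019\u201c\u201d\u2013\u2014]")  # curly quotes, en/em dash
ACCESS = re.compile(r"(order|allow|deny|require)\b", re.I)
REFERER = re.compile(r"RewriteCond\s+%\{HTTP_REFERER\}\s+(\S+)", re.I)
BARE_DOT = re.compile(r"(?<!\\)\.(?=[a-z)])", re.I)  # "." not written as "\."


def lint_htaccess(text):
    """Return (line_number, code, message) for each suspicious line."""
    findings, in_limit = [], False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if SMART.search(line):
            findings.append((n, "smart-char", "typographic quote/dash; use plain \" and -"))
        if re.match(r"<Limit\b", line, re.I):
            in_limit = True
        elif re.match(r"</Limit>", line, re.I):
            in_limit = False
        elif in_limit and ACCESS.match(line):
            findings.append((n, "limit-scope", "rule only applies to the methods listed in <Limit>"))
        ref = REFERER.match(line)
        if ref and BARE_DOT.search(ref.group(1)):
            findings.append((n, "bare-dot", "unescaped '.' in Referer pattern matches any character"))
    return findings


if __name__ == "__main__":
    for n, code, msg in lint_htaccess(SAMPLE):
        print(f"line {n}: [{code}] {msg}")
```

To check a real file, pass its contents to lint_htaccess() instead of SAMPLE; an empty result means none of these three problems were found, not that the rules are otherwise correct.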

Conclusion:
The .htaccess file is one of the simplest yet most powerful tools for securing your website. By using cPanel’s File Manager, you can easily control access, enforce HTTPS, and block unwanted visitors — all without needing advanced Linux skills.

Implementing these configurations ensures your website remains safe, stable, and secure from common web threats.
