Protecting a folder or a directory on your website is easier than you may think with htaccess.
FTP Program
It really involves one little file to be uploaded via your FTP program or https://filezilla-project.org/
Creating a .htaccess file
We need to create a dot htaccess file “.htaccess” in the directory we want to protect. The .htaccess file will affect the current folder it is in, and all sub-folders.
This method will work if you know something about your IP.
.htaccess files are a feature of Apache and similar web servers.
Finding Your IP
To findout your IP just go to a search engine and type in “what is my IP” in the search query.
You will find that by clicking anyone of those active listings the sites that provide an IP will return to you the IP you’re connecting with.
Dynamic IPs versus Static
There are some ISP’s (internet service providers) who provide a dynamic IP. This means you are allocated a differnt IP each time your ADSL modem makes a connection with your ISP. With these types of ADSL connections you will eventually need to use your proxy’s IP or enter a broader coverage of IPs that you are likely to receive from your ISP.
For example lets say you IP is shown as 123.123.123.77.
Each time you’re connected you may receive any one of these IP range ie. 123.123.123.1 – 123.123.123.255
In this case we will need this information to create the correct entries within our .htaccess file
Here’s the basic entries that will need to be entered in the .htaccess file, there should be no leading spaces within the htaccess file.
Order Deny,AllowDeny from all
Allow from 123.123.123
If on the other hand your IP pool encompassed a wider range
i.e, 123.123.122.1 – 123.123.124.255
Then the entrie to encode would be something like
123.123.122 123.123.123 123.123.124So your overall .htaccess file would be
Order Deny,AllowDeny from all
Allow from 123.123.122
Allow from 123.123.123
Allow from 123.123.124
This type of protection will stop any foreign IPs from even getting a peek at the directory even if they know the links.
I use this method to stop any IPs from trying to login to my login forms on my sites. This is a great way with very low overhead on the server to deter would be breakins to the backend of your wordpress sites.
It makes a lot of bots scratch their heads as to why their algorithm does not work.
Cheap and powerful way to secure a directory from external users.