Securing htaccess

The Why & the How

The Idea

With the recent launch of Google’s official SEO Guide for startups, a well thought out document detailing the basics of what (and what not) to do when optimizing your site for Google’s organic search, the idea came to me for this post. In the document, htaccess was referenced as something to use if you want to password protect your directories, ideally to prevent indexing and possible snooping of content, by visitors (or bots) to your site. For whatever reason, you may not want this content left out in the open for all to see.

Using htaccess to Secure Data, but is your htaccess Secure?

Securing your directories by using htaccess is one idea, but the issue is, your htaccess file may not be secured in of itself. This poses a problem with a potential security breach waiting to happen. If someone knows where to look to find the htaccess file on your site, your passwords could be stolen and used to obtain the data you thought was kept away from visitors to your site, in a safe place.

The Solution

Luckily there is a way to keep your htaccess file secure and safe from prying eyes, and it doesn’t involve modifying the httpd.conf or httpds.conf, which you may not have access to. First and foremost, make sure that your permissions, or CHMOD, for your htaccess file is set to 644. Absolutely do not set it to 777, which will not only make it publically viewable, but writable as well! This you want to avoid. The other step to securing htaccess, is to add some code to the top of the file, like so:

<Files .htaccess>
order allow,deny
deny from all
</Files>

Why not take the time to make sure your htaccess file is secure now. Once you’ve made these changes, your htaccess will be that much safer, and secure.

CMA