.htaccess Generator
Generate a WordPress .htaccess file with hardening rules, GZIP compression and browser caching — choose the rules you need and download in one click.
Free · No credit card · 50 credits/day
Rules you can include
Block xmlrpc.php
Deny all requests to xmlrpc.php. Eliminates brute-force amplification attacks and multicall password guessing that bypass rate limiting.
Protect wp-config.php
Block direct HTTP access to wp-config.php. Even if it's in the web root, this rule prevents anyone from requesting the file directly.
GZIP compression
Enable mod_deflate for HTML, CSS, JS, XML and JSON. Reduces page transfer size by 70–85% — significant performance improvement with no code changes.
Browser caching
Set Expires and Cache-Control headers for images (1 year), CSS/JS (1 year with ?ver= busting) and fonts (1 year). Reduces repeat visit load times.
Block author enumeration
Redirect /?author=1 requests to the home page. Prevents automated scanners from discovering WordPress usernames via the author query parameter.
Protect uploads from PHP
Block execution of PHP files inside /wp-content/uploads/. Prevents uploaded malware (disguised as images) from being executed as PHP scripts.
Frequently asked questions
Related WordPress tools
More tools for WordPress hardening.
Harden your server in one download
Free account. 50 credits per day. Access to 75+ tools instantly.
Create free account →