To enhance the security of your website, it's important to protect critical configuration files like .htaccess from public access. Without protection, malicious users could potentially read the file and exploit its contents.
Note: This rule should be used with care. While it's safe and widely recommended, misplacing or duplicating this directive can cause conflicts if not managed properly—especially if you have other rewrite rules or access rules in place. Always back up your .htaccess file before making changes.
Step 1. Log in to your cPanel account.
Step 2. Open the File Manager from the Files section.
Step 3. Navigate to your public_html directory (or the root of your website).
Step 4. If the .htaccess file is hidden, click on Settings in the top-right corner and enable Show Hidden Files (dotfiles).
Step 5. Right-click on .htaccess and select Edit. Then, add the following rule at the bottom of the file:
# .htaccess protection
order allow,deny
deny from all
satisfy all
This rule tells the web server to deny all direct access attempts to the .htaccess file, helping to prevent unauthorised users from reading or exploiting its content. It’s a simple but essential step in hardening your site’s security.