17 December 2021
This article looks at Apache’s Files and FilesMatch directives. Both are used to allow or deny access to files on your website.
The Files directive specifies a file, and inside the directive you define one or more actions. You can use this to deny access to a file. For instance, you might have a phpinfo.php file that contains lots of details about your website’s PHP configuration. You can block access to the file with this rule:
    <Files "phpinfo.php">
        Require all denied
    </Files>
Here, I used the same syntax I used in the article about denying access to an IP address. If you want to allow only a single IP address to access the file then you can add a Require ip rule:
    <Files "phpinfo.php">
        Require all denied
        Require ip 1.2.3.4
    </Files>
You can do the same for other sensitive files, such as the wp-login.php and xmlrpc.php files on WordPress websites.
The FilesMatch directive lets you specify files using a regular expression. A good example is the WordPress Toolkit rule that denies access to PHP scripts in the wp-content/uploads directory:
    <Directory "/home/example/public_html/wp-content/uploads">
        <FilesMatch \.php$>
            Require all denied
        </FilesMatch>
    </Directory>
Note that the FilesMatch directive is nested inside a Directory tag. That means the rule is only valid inside the uploads directory. The regular expression is simply \.php$. As you can probably guess, that matches files with the extension .php.
If you are not familiar with regular expressions: the dot needs to be escaped because an unescaped dot has a special meaning, namely that it matches any single character. The backslash escapes the dot, so that it is interpreted as a literal dot. The dollar sign is an anchor that denotes the end of the string.
In the same way you can deny access to specific PHP files. For instance, this rule denies access to wp-login.php and xmlrpc.php but allows access for the IP address 1.2.3.4:
    <FilesMatch (wp-login|xmlrpc)\.php$>
        Require all denied
        Require ip 1.2.3.4
    </FilesMatch>
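To check which file names a FilesMatch pattern covers before deploying it, the Python sketch below approximates Apache's behaviour: the pattern is searched, unanchored, against the last path component only. It is an added example, not part of the original article. Python's re module stands in for Apache's regex engine (equivalent for these simple patterns), and the sample paths and the anchored variant are assumptions made for illustration.

```python
import posixpath
import re


def files_match(pattern, request_path):
    """Approximate <FilesMatch>: unanchored regex search on the file name only."""
    basename = posixpath.basename(request_path)
    return re.search(pattern, basename) is not None


def audit(pattern, paths):
    """Return the paths whose file name the pattern would cover."""
    return [p for p in paths if files_match(pattern, p)]


# Constructed sample paths (not taken from a real site).
SAMPLE_PATHS = [
    "/wp-login.php",
    "/xmlrpc.php",
    "/blog/xmlrpc.php",
    "/plugins/acme-xmlrpc.php",
    "/wp-content/uploads/2021/12/photo.jpg",
    "/wp-content/uploads/2021/12/script.php",
    "/docs/notes.php.txt",
]

ARTICLE_UPLOADS = r"\.php$"                    # pattern from the uploads rule
ARTICLE_LOGIN = r"(wp-login|xmlrpc)\.php$"     # pattern from the login rule
ANCHORED_LOGIN = r"^(wp-login|xmlrpc)\.php$"   # added variant: exact names only

if __name__ == "__main__":
    for label, pattern in [
        ("uploads rule", ARTICLE_UPLOADS),
        ("login rule", ARTICLE_LOGIN),
        ("anchored login rule", ANCHORED_LOGIN),
    ]:
        print(label, "->", audit(pattern, SAMPLE_PATHS))
```

Because the match is on the file name alone, a FilesMatch block that is not nested in a Directory section applies to a file of that name in any directory. The unanchored login pattern also covers acme-xmlrpc.php, whereas the variant with a leading ^ limits the rule to files named exactly wp-login.php or xmlrpc.php.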
By catalyst2 Team