What is .htaccess? In several web servers (most commonly Apache), .htaccess (hypertext access) is the default name of a directory-level configuration file that allows for decentralized management of web server configuration. Read full in wikipedia. Back to the topic what should we do to stop hackers controlling our admin area?

There is lots of technique, what I write in here just some technique using .htaccess files:

1. Protected your wp-login.php files.

<Files wp-login.php>
Order deny,allow
Deny from All
Allow from xxx.xxx.xxx.xxx
</Files>

Where xxx.xxx.xxx.xxx is your IP, if you meet problem to know your IP just look on IPchicken.com

2. Protected your wp-config.php

Wp-config is vital configuration files for wordpress, it should secured to stop people viewing it’s content.

<files wp-config.php>
order allow,deny
deny from all
</files>

3. Protected your wp-comment-post.php

Even if you’re using Akismet plugins, to reduce spambot post via remote access you can use this code. (Change yourblog.com with your own domain name)

RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*yourblog.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]

4. Protected .htaccess file.

This code will protect all files with “.hta” string on it.

<Files ~ “^.*\.([Hh][Tt][Aa])”>
order allow,deny
deny from all
satisfy all
</Files>

After using this tips the hackers can’t controlling my wordpress admin panel again hahaha! he try to inject using wordpress bug but when I limited IP to access admin panel he’s cry *lol* yay, I win! finally I beat this noob *lol*

Looks like they was thinking I’m joke? hell no I’m not joke this time *bad temperament lol* I banned all they IP from accessing my website. I don’t care about traffic may decrease for a weeks this stupid guys group must be stopped!

I searching the way to do it and i found it lately to play with simple .htaccess file to stop this noob from spamming..

blocking their IP using this sample code:

## USER IP BANNING
<Limit GET POST>
order allow,deny
deny from 123.123.123.123
deny from 123.123.123.
deny from 123.123.
deny from 123.
allow from all
</Limit>

Read the rules:

123.123.123.123 (Blocks a specific IP address)
123.123.123. (Blocks ALL IPs within the range 123.123.123.xxx)
123.123. (Blocks ALL IPs within the range 123.123.xxx.xxx)
123. (Blocks ALL IPs within the range 123.xxx.xxx.xxx)

I recommended you to blocks specific IP adress to minimize your lost traffic.

Now for disable hotlinking from bandwith stealer use this sample code:

## DISABLE HOTLINKING
RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourotherdomain.com/.*$ [NC]
RewriteRule \.(gif|jpg|jpeg|png|js|css)$ – [F]

Read the rules:

yourdomain.com and yourotherdomain.com is allowed site that can show hotlinking files you can use your hosting IP address too.

gif|jpg|jpeg|png|js|css is file (extension) that should be disallowed from hotlinking:

Banned bad referrer using this sample code:

## SITE REFERRER BANNING
RewriteEngine on
# Options +FollowSymlinks

RewriteCond %{HTTP_REFERER} badsite\.com [NC,OR]
RewriteCond %{HTTP_REFERER} badsite\. [NC,OR]
RewriteCond %{HTTP_REFERER} sub\.badsite\.com [NC]
RewriteRule .* – [F]

Read the rules:

badsite.com (Blocks traffic coming from badsite.com)
badsite. (Blocks traffic coming from all varieties of badsite.xxx, such as badsite.com, badsite.net etc)
sub.badsite.com(Blocks traffic coming from sub.badsite.com
You can use IP adress too.

That’s all for today, have a nice day

If you want people back to your site you should make an code to stop hotlink files and give warning message on it… like my very easy sample

I made an warning message in some of my site to stop hotlink, photoshop images are good but I prefer html/flash files with click action script so when people click on it it will redirect to your own site.

Once you make your own warning message time to edit .htaccess files and put this code:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?YOURSITE.com [NC]
RewriteRule \.(swf|jpg|gif|etc)$ hotlink.jpg [NC,L]

Edit the word with bold red colors to fit your configuration. This code will stop all hotlink from ANYSITE except YOURSITE.

If you just want to specify which site not allowed to hotlink you can write code like this:

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://www.SOMESITE.com [NC]
RewriteRule \.(swf|jpg|gif|etc)$ http://yoursite.com/hotlink.jpg [R]

Edit the word with bold red colors to fit your configuration. This code will stop all hotlink from SOMESITE.

Look on this sample site(still there lot),  They not giving link-back to my site so I stop hotlink from they site, If they give link-back I may permitted they use my bandwidth he he he.. is it really hard for send me email to ask my permission? *LOL* please stop thief my bandwidth

http://www.projuegos.com/juegos/bigdiamond/diamond.php
http://www.baixakijogos.com.br/flash/teenage-mutant-ninjaturtles/index.html
http://www.tuttogratis.it/giochi_gratis/mico_maco/

Enjoy

Organic traffic from search engine are the best. Most of webmaster looking for traffic from search engine but they don’t know how to get it.  I know it’s hard, really hard. Beside the topics, keywords, etc most of important thing we almost forgot it is the friendly search engine link.

Most of great search engine love to indexed permanent link (permalink) example http://www.mysite.com/mypage/ or http://www.mysite.com/mypage.html more than dynamic URL example http://www.mysite.com/index.php?page=page1 etc. Even google and most great search engine claim their robot will crawl dynamic URL but most of people doesn’t like it in result. By make your URL friendly will also raised CTR on SERP.

* You should know URL Friendly will not affect on your search engine position ranking.

So let try to make simple Friendly URL using URL rewrite. First write this code on your .htaccess file (you can find this hidden file usually in your website root)

RewriteEngine On
Options +FollowSymLinks

//creating /mypage.html format
RewriteRule ^([0-9a-zA-Z-]+)/?/?.html$ /home/yourusername/public_html/index.php?page=$1

//creating /mypage/ format
RewriteRule ^([0-9a-zA-Z-]+)/?/?/$ /home/yourusername/public_html/index.php?page=$1

* Take attention on modification bold and red font, and in your index.php (Taken from my sample)

<?php

if(isset($_GET['page']))
$p = $_GET['page'];
else
$p = “0″;

switch($p) {
case “tentang-kami”: include(“./pages/tentang-kami.php”); break;
case “kenapa-kami”: include(“./pages/kenapa-kami.php”); break;
case “berita”: include(“./pages/berita.php”); break;
case “promosi”: include(“./pages/promosi.php”); break;
}

?>

Done, you will get friendly URL like this sample on 2 of my site in here and here just waiting until search engine indexed your page and send organic traffic for you. For real sample to make sure URL rewrite working take a look on this page and this page.

Good luck