A couple nights ago, I modified the .htaccess files on my blogs in order to add better security for WordPress.
ThematoSoup.com has written an excellent piece on how to do this, but I still encountered a few difficulties…
I
The first problem was a syntax issue. Under their heading, Prevent Directory Browsing, ThematoSoup.com has the following code:
Options All -Indexes
I won’t say this is wrong, but it does give an error on my site host (GoDaddy).
TheSiteWizard also has a page on how to prevent a directory listing of your website, and here he omits the All modifier. This seemed to work much better for me:
Options -Indexes
II
The second problem was another syntax issue. Under their heading, Protect /wp-content Directory, ThematoSoup.com has the following code:
order deny,allow
Again, this yielded an error. But altering the sequence in which deny and allow occur in the line corrects the problem:
order allow, deny
III
The final problem was noticed a day after all the .htaccess modifications were made. Quite inexplicably, the Xorbin Flash Clock plugin ceased to display on my general interest blog!
Eventually I realized that this issue was caused by the Protect /wp-content Directory code. For most users, the code in this line should work perfectly well:
<files ~ ".(xml|css|jpe?g|png|gif|js)$">
However, WordPress users that are utilizing Flash plugins will need to add the swf extension (thereby allowing access to Flash swf files). This yields the following code:
<files ~ ".(xml|css|jpe?g|png|gif|js|swf)$">
Postscript: JavaScriptKit.com has much more information about .htaccess, which is well worth reading.