Securing your .htaccess files is crucial for protecting your hosting environment. These hidden configuration files control important server behaviors, and restricting access to them prevents unauthorized viewing or modification. This guide shows you how to add protection rules directly through cPanel File Manager.
How to Do It
-
Step 1: Access cPanel File Manager
Sign in to your cPanel account and launch File Manager from the Files section.
-
Step 2: Locate and Edit .htaccess
Navigate to your website's root directory (typically
public_html) and open the.htaccessfile for editing. If hidden files aren't visible, enable "Show Hidden Files" in File Manager settings. -
Step 3: Add Access Restriction Code
Add the following code to the end of the file:
# Disallow access to hidden files, which begin with a dot (.)Order allow,deny Deny from all This rule blocks HTTP access to all files starting with a dot, including
.htaccess,.htpasswd, and other hidden configuration files. -
Step 4: Save Changes
Click "Save Changes" and close the file editor. The protection takes effect immediately.
Server-Wide Protection
If you have a VPS or dedicated server and want to protect hidden files across all hosted sites, edit /home/.htaccess instead and add the same code there. This applies the restriction globally rather than per-site.