The best security configuration file for domains on the server!
Jan 10, 2026
168 views
I will walk you through the best htaccess code to protect the domain from attacks, prevent browsing sensitive files and folders, and allow certain specific settings.
In the FilesMatch line, you can specify your important files in order to protect them.
RewriteEngine On
Options -Indexes
<FilesMatch "\.(php|html|css|js|png|jpg|jpeg|gif|webp|svg|json)$">
Require all granted
</FilesMatch>
<FilesMatch "(\.env|\.htaccess|config\.php|db_credentials\.php|process_order\.php)$">
Require all denied
</FilesMatch>
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript
</IfModule>
<IfModule mod_headers.c>
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-XSS-Protection "1; mode=block"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>
In the FilesMatch line, you can specify your important files in order to protect them.
Join the Conversation
You must be logged in to post a reply and participate.