How secure is .htaccess?

[Wanwan]

Hi,

 

I have a question regarding to .htaccess code that protect our directory or page. Is the .htaccess code is save to prevent hacker? If not, is there any tips or some routine changes or process we need to maintain?

[nocloo]

Hi,

 

I have a question regarding to .htaccess code that protect our directory or page. Is the .htaccess code is save to prevent hacker? If not, is there any tips or some routine changes or process we need to maintain?

Is is pretty safe if you don't put your passwd file in the root directory and make sure your password is includes mix chars ex "a&zn1aZn"

[Wanwan]

Is is pretty safe if you don't put your passwd file in the root directory and make sure your password is includes mix chars ex "a&zn1aZn"

 

 

Thank you, I got this concern because I am helping up a store doing that .htaccess protecting the unofficial people get into the admin page. If accidentally hacked by someone, I afraid the owner of the website blame me on not doing a good job in coding .htaccess, resulting some none happy situation.

[GraphicsGuy]

Is is pretty safe if you don't put your passwd file in the root directory and make sure your password is includes mix chars ex "a&zn1aZn"

 

Exactly.

 

Even better is to use the directory password protection capability of your web hosting control panel. This ensures that the password file is encrypted and stored outside of web accessbile folders.

 

If you are using a dedicated or virtual server, then you can place the encrypted password file outside of the web folders yourself giving the same level of security.

 

If you are on a shared server and your web hosting control panel doesn't provide the ability to password protect directories (most do) , then you can probably get your web host to help do that. (any good server administrator is going to be supportive of security because it helps prevent problems for them)