How To Prevent Access to any Risky Files Like php.ini,.env file of Laravel,wp-config of Wordpress using Htacess.

You Application is on very high risk,if Someone can access risky file like php.ini,.env file of Laravel,wp-config of Wordpress via a browser.In this section we will learn how to protect them using htacess.

Protecting the php.ini file

To Protect php.ini go to public_html folder of your hosting provider and Add following code in htacess file.

<Files php.ini>
Order allow,deny
Deny from all
</Files>
Protecting .env file of Laravel

If you are laravel developer then you certainly is familiar with a file named as .env file. We use this file to store secret information like database connection, mailer information and payment gateway information etc.

To Protect .env go to public_html folder of your hosting provider and Add following code in htacess file.

<Files .env>
Order allow,deny
Deny from all
</Files>
Protecting wp-config of Wordpress

To Protect wp-config file add this snippet to your site's root .htaccess file.

<Files wp-config.php>
Order allow,deny
Deny from all
</Files>