The blog of Ross Fruen, a .NET consultant

Using .htaccess to secure FlatPress websites

Sunshine recently sent a question through regarding FlatPress security.

First follow the configuration steps in the FlatPress Wiki to setup appropriate folder and file permissions. Permissions on an existing installation can be reset from the "Maintain" section in the Administration area.

After access permissions have been set it is still possible to browse the FlatPress folders on your webserver. Although it could be argued this is not a security hole, it pays to be safe.

To prevent the FlatPress files and folders being browsable it is necessary to modify the .htaccess file in the root of your FlatPress installation. The following entries are one possible solution:

# prevent folder listing
IndexIgnore *
<Files 403.shtml>
order allow,deny
allow from all

Further solutions are available from The Ultimate Htaccess Guide

Add a comment

If you want your comment to appear on this page please complete the form below. Your name and email address are optional, although the latter will be required if you want a response. Your email address will not appear against your comment and will only be used to correspond with yourself (where appropriate).


Thank you for submitting your comment, it will appear here after moderation is complete.


There was a problem sending your comment, please try again.