Skip to main content


Configuring Next.js app for redirection while whitelisting specific IPs.

Configuring Next.js app for redirection while whitelisting specific IPs.

Below is the code that enables the execution of a Next.js application for specific IP addresses while redirecting other users to the primary website.


#RewriteEngine On
## WH
RewriteCond %{REMOTE_ADDR} !10\.10\.10\.10$
RewriteCond %{REMOTE_ADDR} !11\.11\.11\.11$

RewriteRule ^(.*)$$1 [L,R=301]

Title: Redirecting All Users to HTTPS, Except for Specific IPs Using .htaccess

In web development, sometimes you may want to redirect all users accessing your website to a specific URL, such as However, there might be certain cases where you need to exclude specific IP addresses from this redirection. In this article, we will explore how to achieve this using the .htaccess file.

NextJs htaccess setting

The content of the .htaccess for nextjs application is

# Redirect traffic to your port 3001
RewriteEngine On
RewriteBase /
RewriteRule ^(.*)?$$1 [P,L]

to exclude a file from this rule (EX: test.txt) we can add this like 

RewriteCond %{REQUEST_URI} !test\.txt [NC]


Full Code

Block wp-includes folder and files Wordpress

To hide sensitive files in the wp-includes folder, add the following code to the .htaccess file in the root of your site:


# Block wp-includes folder and files
 <IfModule mod_rewrite.c>
 RewriteEngine On
 RewriteBase /
 RewriteRule ^wp-admin/includes/ - [F,L]
 RewriteRule !^wp-includes/ - [S=3]
 RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
 RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
 RewriteRule ^wp-includes/theme-compat/ - [F,L]

Prevent execute PHP file in wp-content/uploads directory

wp-content/uploads directory

your wpcontent/uploads directory should be considered a potential entry point and can be exploited for number of wordpress hacks . The biggest potential threat is the uploading of PHP files.

If you can browse /wpcontent/plugins/ – the enumeration of plugins and versions becomes much easier! Exploiting this can allow an attacker to obtain sensitive information that could aid in further attacks.

Block Some Bots using htaccess

A lot of time we get many requests from some bots we do not need here you can block them from htaccess file 


<IfModule mod_setenvif.c>
  SetEnvIfNoCase User-Agent (SemrushBot|Semrush|python-requests|sqlmap|wordpress|apachebench) bad_user_agents

  Order Allow,Deny
  Allow from all
  Deny from env=bad_user_agents

Wordpress htaccess configuration

as you know that WordPress is one of the most famous CMS in the world but unforunatily it is not secure enough and we have to protect it somehow abd also we need to setup some cache configuration in the htaccess

First thing you need to do is to disable directory listing by adding this line to .htaccess

Options All -Indexes


the other thing you need to do is to setup the objects cache (image/css files/ js files)

this is one of the best code we can use