.htaccess files (or “distributed configuration files”) provide a way to make configuration changes on your Wordpress site on a per-directory basis. A .htaccess file, containing one or more configuration directives, is placed in a particular document directory on your Wordpress site, and the directives apply to that directory, and all subdirectories thereof. Using directives in .htaccess, you can block spam, secure your website, and control other website actions.
Wordpress out of the box is fairly secure but there are still some pretty big holes. In addition, hosting environments and installation requirements often introduce gaping security holes in the Wordpress framework. Below are a few best practices to help secure your Wordpress framework.
I recently moved several WordPress blogs from DreamHost to a new 1and1 Virtual Private Server installation. Here are directions and screenshots of the move along with notes on problems that I ran across (and the resolution I found). I moved from a DreamHost shared host plan that killed scripts when memory consumption exceeded 100MB to a 1and1 VPS solution that provides 4,000MB of burst RAM.