.htaccess is among the most critical files in WordPress. It defines rules for your server and controls access to the files and folders of your WP site. Moreover, the htaccess file for WordPress also plays a pivotal role in enhancing WordPress security and optimization.
This blog will discuss tips and tricks for using the .htaccess file for WordPress for security, redirection, and optimization. But before we move on to the tips, let’s find out what the htaccess file for WordPress is.
What is a .htaccess File
.htaccess is a configuration file. You can use it to change how the server behaves. The name .htaccess stands for “hypertext access.” You can locate the .htaccess file for WordPress in the root folder of your WP site.
1- How to Secure WordPress Through .HTACCESS File
Security is a prime concern for a WordPress site. Following are some of the most useful default htaccess WordPress tricks you can use to add protection layers to your WordPress folders, admin area, and plugin files.
Protect Your WordPress Admin Area
You can protect your WordPress admin area through .htaccess by restricting which IP addresses can reach wp-admin. The wp-admin directory carries every file needed to run the WP dashboard.
The wp-admin directory includes administrative functions like plugin usage, theme installation, post writing, etc. Allowing only a limited set of IP addresses to access the wp-admin directory will help you protect your WP website from hackers.
To restrict IP access to the admin area, simply copy and paste the WordPress htaccess code below into your htaccess file for WordPress.
# Rules in a .htaccess file apply to the directory that holds it and everything below it.
# No <Limit GET> wrapper: inside it the rules would cover only GET and HEAD requests.
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "WordPress Admin Access Control"
AuthType Basic
order deny,allow
deny from all
# whitelist User1's IP address
allow from xx.xx.xx.xxx
# whitelist User2's IP address
allow from xx.xx.xx.xxx
# whitelist User3's IP address
allow from xx.xx.xx.xxx
# whitelist User4's IP address
allow from xx.xx.xx.xxx
# whitelist User5's IP address
allow from xx.xx.xx.xxx
In the code above, ‘User1’, ‘User2’, etc. are the users whose IPs you have allowed to access your wp-admin. They can be anyone, such as contributors, admins, editors, or visitors. Remember to replace ‘xx.xx.xx.xxx’ with the allowed IPs or your own IP.
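How Apache evaluates the order/deny/allow rules used in this section can be checked with a small model. This is an added example, not code from the original article: the function names and sample addresses are assumptions, the model handles only "all", single addresses and CIDR blocks, and it also shows that rules wrapped in a <Limit GET> container apply to GET and HEAD requests only.

```python
import ipaddress

def _matches(specs, client_ip):
    """True if client_ip is covered by any spec: 'all', an address or a CIDR block."""
    ip = ipaddress.ip_address(client_ip)
    return any(s == "all" or ip in ipaddress.ip_network(s, strict=False)
               for s in specs)

def access_allowed(order, allow, deny, client_ip, method="GET", limit=None):
    """Model Apache's Order/Allow/Deny decision for a single request.

    limit is the list of methods named by an enclosing <Limit ...> container,
    or None when the directives are not wrapped in <Limit>.
    """
    if limit is not None:
        covered = {m.upper() for m in limit}
        if "GET" in covered:
            covered.add("HEAD")          # <Limit GET> also covers HEAD
        if method.upper() not in covered:
            return True                  # the rules do not apply to this method
    allowed = _matches(allow, client_ip)
    denied = _matches(deny, client_ip)
    order = order.replace(" ", "").lower()
    if order == "deny,allow":            # Allow wins on overlap, default is allow
        return allowed or not denied
    if order == "allow,deny":            # Deny wins on overlap, default is deny
        return allowed and not denied
    raise ValueError("unsupported Order value: %r" % order)

# Constructed sample data: documentation address ranges, not values from the page
ADMIN_IPS = ["203.0.113.10", "198.51.100.0/24"]
CASES = [
    ("203.0.113.10", "GET", ["GET"]),    # allowlisted admin
    ("192.0.2.55", "GET", ["GET"]),      # other client, GET
    ("192.0.2.55", "POST", ["GET"]),     # other client, POST under <Limit GET>
    ("192.0.2.55", "POST", None),        # other client, POST without <Limit>
]

def demo():
    """Evaluate the wp-admin allowlist (order deny,allow / deny from all) per case."""
    return [access_allowed("deny,allow", ADMIN_IPS, ["all"], ip, method, limit)
            for ip, method, limit in CASES]

if __name__ == "__main__":
    for case, result in zip(CASES, demo()):
        print(case, "allowed" if result else "denied")
```

The same function covers the other blocks on this page: "order allow,deny" with "deny from all" refuses every client, and with "allow from all" it admits every client.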
Use Password Protection to your WordPress Directories
You can use the .htaccess file to add password protection to your WP directory. All you need is to:
· Generate a .htpasswd file through htpasswd-generator.
· Upload the .htpasswd file to the wp-admin folder.
· Make a .htaccess file and upload it to the wp-admin directory.
Insert the following WordPress htaccess code in the .htaccess file for WordPress:
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /home/public_html/wp-admin/.htpasswd
require valid-user
Don’t forget to replace the “AuthUserFile” path with the location of your .htpasswd file.
Disable Directory Browsing
You can disable directory browsing. When directory browsing is enabled, all the files and folders in the web server’s root are listed, and any visitor can view them. Disabling directory browsing prevents hackers from exploring your file and directory structure to find a vulnerable file.
To disable directory browsing in WordPress, insert the following WordPress htaccess code in the .htaccess file for WordPress:
Options -Indexes
Disable PHP Execution in Specific Folders
Hackers generally upload backdoor PHP files into the wp-content/uploads or wp-includes folders and then execute them. Executing files in these folders aims to damage your website.
To disable PHP execution through the .htaccess file, you have to:
Make a blank .htaccess file.
Save the file and upload it to the wp-includes and wp-content/uploads folders.
Add the code below to the file:
<Files *.php>
deny from all
</Files>
Secure wp-config.php file
wp-config.php is among the most essential files, as it carries the access credentials, database name, and other critical data.
To secure the wp-config.php file, insert the following code into the .htaccess file. It blocks access to the wp-config.php file.
<files wp-config.php>
order allow,deny
deny from all
</files>
Secure WordPress Plugin Files
As mentioned earlier, plugins are a double-edged sword as they can be helpful and can be a loophole for intruders. To prevent direct access to your WP plugin files, copy and paste the following code into your .htaccess file:
# Explicitly allows .js and .css files to be served; this block does not deny any request by itself
<Files ~ "\.(js|css)$">
order allow,deny
allow from all
</Files>
2- How to Optimize WordPress Through HTACCESS file for WordPress
Enable Browser Caching
Enabling browser caching lets visitors’ browsers store images and other static files from your web pages. It means they won’t need to download the same data when revisiting your site. This can contribute to speeding up your WP site.
To enable browser caching, add the following WordPress htaccess code lines to your .htaccess file for WordPress:
## EXPIRES CACHING ##
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType text/html "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 1 month"
</IfModule>
## EXPIRES CACHING ##
Automatically Correct URL Typo
This tip helps visitors who misspell your URL and cannot reach your page. By adding the following WordPress htaccess code lines to your .htaccess file for WordPress, you enable the CheckSpelling directive, which helps correct typos. It works effectively for small typos, not gross blunders.
<IfModule mod_speling.c>
CheckSpelling On
</IfModule>
Include a Forward Slash to the End of URLs
URLs with a trailing slash, like “url.com/abc/”, indicate a directory. URLs without a trailing slash, like “url.com/abc”, typically indicate a file. So, two look-alike URLs can show different content and produce different experiences. Also, your website might run into duplicate content issues if its URLs are inconsistent.
Including the following WordPress htaccess code lines in your .htaccess file for WordPress can standardize your URLs. Standardization will force your web pages to end with a slash.
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !#
RewriteCond %{REQUEST_URI} !(.*)/$
RewriteRule ^(.*)$ http://domain.com/$1/ [L,R=301]
Personalize Permalinks for Effective URLs
You can use the htaccess file for WordPress to edit and personalize permalinks for SEO-friendly URLs. By inserting some code, you can replace boring numbers and strings of symbols with relevant keywords. Customized permalinks let you create clean URLs for organic and high search visibility.
Following are the WordPress htaccess code lines for customizing permalinks through the default htaccess WordPress file:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</ifmodule>
# END WordPress
Increase Upload Size of PHP Files
WordPress generally shows messages such as “exceeds the maximum upload size for this website” or “warning content-length of bytes exceeds the limit” whenever you try to upload a larger file.
By adding the following WordPress htaccess code lines to your .htaccess file for WordPress, you can ask your server to increase the file upload size:
php_value upload_max_filesize 64M
php_value post_max_size 64M
php_value max_execution_time 300
php_value max_input_time 300
3- How to Control Redirects Through .HTACCESS Files
Redirect WWW to Non-WWW and Vice Versa
There are two versions of a WordPress domain, “www” and “non-www”. You have to choose only one to avoid any possibility of “duplicate content.”
If “non-www” is your priority, redirect “www” to “non-www” by adding the following code lines to your htaccess file for WordPress.
RewriteEngine On
RewriteCond %{HTTP_HOST} !^your-domain\.com$ [NC]
RewriteRule ^(.*)$ http://your-domain.com/$1 [R=301,L]
To use “www”, add the following code to the .htaccess file for WordPress to redirect “non-www” to “www”.
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
Redirect HTTP to HTTPS using .HTACCESS file in WordPress
This technique checks whether HTTPS is enabled on the server. If it is enabled, it will redirect the request to your site’s homepage.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} ^on$ [NC]
RewriteCond %{QUERY_STRING} !https-is-on [NC]
RewriteRule (.*) /?https-is-on [R=301,L]
</IfModule>
To redirect every request to the HTTPS protocol (when HTTPS is enabled), you can use the following:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
Redirect from an Old to a New Domain
It is quite common to redirect site visitors to a new location. You can use the below rule for this:
# redirect from old domain to new domain
RewriteEngine On
RewriteRule (.*) http://www.new-domain.com/$1 [R=301,L]
How To Edit .Htaccess With Cloud Pages
To edit your .htaccess using CloudPages, first, you need to reach the dashboard through the server as per the following screenshot:
Now, click the ‘file manager’ of the website.
Now that you have reached the public_html folder, you will find your .htaccess file here. Make whatever changes you want:
Now save all the changes:
.Htaccess Rule to Remember
.htaccess is fully supported by LiteSpeed, while it is not supported by OpenLite.
Conclusion
We have shared the top .htaccess tricks you may need for your WordPress site. You can use these .htaccess tips to secure, optimize, and redirect your WP site. Also, ensure you don’t take any chances with the htaccess file for WordPress. A single error can damage your website, so it’s important to make a backup of your .htaccess file for WordPress and track all your changes.
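Since a single malformed line in .htaccess can take the site down, it helps to check a file before uploading it. The following is an added example, not part of the original article: a Python check (function name and sample text are constructed for illustration) that flags common copy-paste damage, namely typographic quotes or dashes, an allow/deny line without an address, two rewrite directives on one line, and unbalanced section tags.

```python
import re

# Characters that word processors substitute for ASCII quotes and hyphens
TYPOGRAPHIC = "\u201c\u201d\u2018\u2019\u2013\u2014"
OPEN = re.compile(r"^<([A-Za-z]+)\b.*>$")
CLOSE = re.compile(r"^</([A-Za-z]+)\s*>$")
REWRITE = re.compile(r"\s(RewriteRule|RewriteCond|RewriteEngine)\s", re.I)

def lint_htaccess(text):
    """Return (line_number, message) pairs for copy-paste damage in text."""
    findings, stack = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if any(c in TYPOGRAPHIC for c in line):
            findings.append((no, "typographic quote or dash"))
        if re.match(r"^(allow|deny)\s+from$", line, re.I):
            findings.append((no, "allow/deny without an address"))
        if REWRITE.search(line):
            findings.append((no, "two directives on one line"))
        closing, opening = CLOSE.match(line), OPEN.match(line)
        if closing:
            name = closing.group(1).lower()
            if stack and stack[-1][0] == name:
                stack.pop()
            else:
                findings.append((no, "</%s> has no matching opening tag" % name))
        elif opening:
            stack.append((opening.group(1).lower(), no))
        elif line.endswith(">") and not line.startswith("<"):
            findings.append((no, "section tag is missing its '<'"))
    findings += [(no, "<%s> is never closed" % name) for name, no in stack]
    return findings

# Constructed sample that reproduces typical copy-paste damage
SAMPLE = """\
AuthName \u201cRestricted Area\u201d
allow from
IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteRule ^index\\.php$ \u2013 [L]
</IfModule>
<Files wp-config.php>
"""

if __name__ == "__main__":
    print(*lint_htaccess(SAMPLE), sep="\n")
```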