Ultimate guide to WordPress htaccess file

The Ultimate guide to WordPress htaccess file

The Ultimate guide to WordPress htaccess file -: .htaccess is one of the core files of any WordPress website. When we install WordPress on any hosting, WordPress automatically create this file. WordPress websites permalink structure is controlled by .htaccess file.

The .htaccess is a distributed configuration file and is how Apache handles configuration changes on a per-directory basis. .htaccess files can be used to alter the configuration of the Apache Web Server software to enable/disable additional functionality and features that the Apache Web Server software has to offer.

If you’re hosted on Nginx server then this file will be missing, instead of .htaccess, you will have a different file. WordPress uses this file to manipulate how Apache serves files from its root directory and subdirectories thereof. Most notably, WP modifies this file to be able to handle pretty permalinks. 

Importance of .htaccess file in WordPress-:

1.Improve your website security-:

Ultimate guide to WordPress htaccess file

htaccess file gets executed by Web server you can make changes to your htaccess file to secure your website. on my blog I have written many post to secure your WordPress website. Visit This Link to get all WordPress security related article i have posted on this blog.

2.Increase the load speed-:

Ultimate guide to WordPress htaccess file

Using htaccess file you can not only secure your WordPress website but also you can make your website load faster. one of the best methods to boost the loading time of your website is to enable Gzip compression. To know more read my complete guide on the Ultimate Guide to Enable Gzip compression in WordPress.

3. Set up redirects-:

Ultimate guide to WordPress htaccess file

If your web server is running Apache, you can easily redirect all of your HTTP traffic to HTTPS by adding the following code to your .htaccess file. This is the recommended method for redirecting WordPress running on Apache. It’s possible for a visitor to enter in a direct HTTP URL on your WordPress site, even when an SSL certificate is active. To force any HTTP request to redirect to HTTPS, you can add code to your WordPress .htaccess file. Add following code to .htaccess file

IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} ^on$ [NC]
RewriteCond %{QUERY_STRING} !https-is-on [NC]
RewriteRule (.*) /?https-is-on [R=301,L]

4.Disable PHP Execution-:

Ultimate guide to WordPress htaccess file

Restricting the execution of PHP code for all or selected directories of the WordPress website is an important WordPress website security practice. Create an htaccess file inside a folder where you don’t want to run PHP scripts, and add the below snippet in it.

<Files *.php>
deny from all

5.File Access Restriction-:

Ultimate guide to WordPress htaccess file

Restricting access to wp-admin is an important requirement, particularly when several team members are involved in website management and updates.In practical terms, this means that the users cannot access sensitive files such as plugins, themes, and assets folder. htaccess is a great way of protecting direct access to edit PHP files of plugins and themes, making it harder for hackers to inject malicious code. For this, just add the following lines to the file:

RewriteCond %{REQUEST_URI} !^/wp-content/plugins/file/to/exclude\.php
RewriteCond %{REQUEST_URI} !^/wp-content/plugins/directory/to/exclude/
RewriteRule wp-content/plugins/(.*\.php)$ - [R=404,L]
RewriteCond %{REQUEST_URI} !^/wp-content/themes/file/to/exclude\.php
RewriteCond %{REQUEST_URI} !^/wp-content/themes/directory/to/exclude/
RewriteRule wp-content/themes/(.*\.php)$ - [R=404,L]

6.Script Injection Protection-:

Ultimate guide to WordPress htaccess file

Script Injection is a notorious technique in which the attacker “injects” a malicious piece of code in the website code to extract data or to take over the website. Adding the following snippet in the WordPress .htaccess file can protect your site from such attacks.

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

7.Block IP Address-:

Ultimate guide to WordPress htaccess file

If someone is abusing your website, continuously spamming or launching hacking attempts, their IP is visible in the WordPress admin panel. To block the IP, simply use the .htaccess file to control access to your website. Simply copy & paste the following snippet into the .htaccess file of your WordPress and this particular problem will go away. Remember to replace the sample IP with that of the spammer’s.

<Limit GET POST>
order allow,deny
deny from 123.456.78.9
allow from all

Thanks for reading…“Pardon my grammar, English is not my native tongue.”

If you like my work, Please Share on Social Media! You can Follow WP knol on Facebook, Twitter, Pinterest and YouTube for latest updates. You may Subscribe to WP Knol Newsletter to get latest updates via Email. You May also Continue Reading my Recent Posts Which Might Interest You.

About Amar Patel 263 Articles
Hi, I am Amar Patel from India. Founder, Author and Administrator of wpknol.com. I am a Simple Average Man who Loves life and Love living life.Professionally I am a Mechanical Engineer. Apart from my Job, I Love to write the things around WordPress WordPress CMS.