The .htaccess file is one of the most versatile tools available to WordPress site owners. It’s a configuration file that offers a variety of options to control how your site interacts with the server, improving functionality, security, and performance. In this guide, we’ll explore some of the most common .htaccess rules and demonstrate how you can use them to enhance your WordPress website.
What Is the .htaccess File?
The .htaccess file is one of WordPress’s core files, designed to interact with your server to control how URLs are rendered, manage redirects, and more. It’s a configuration file used by web servers running Apache or Apache-based configurations.
How to Access Your .htaccess File
To access the .htaccess file:
- Use an FTP client like FileZilla or the file manager in your hosting provider’s control panel.
- Navigate to the root directory of your website (often public_html).
- Look for the
.htaccessfile. If you don’t see it, enable the option to show hidden files. - Download and edit the file using a text editor.
Note: Always back up your website and the .htaccess file before making changes. This ensures you can restore your site quickly if anything goes wrong.
Default WordPress Rewrite Rules
When WordPress is installed, a default set of rewrite rules is included to handle permalinks and ensure smooth navigation. Here’s what the default .htaccess file typically looks like:
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPressThese rules handle pretty permalinks, ensuring your URLs look clean and SEO-friendly.
WordPress Multisite Rewrite Rules
Subdirectory Configuration
If you’re running a WordPress Multisite installation with subdirectories for each site, the rewrite rules are slightly different:
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
# Add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]Subdomain Configuration
For a subdomain-based Multisite installation, the rules adjust to handle different site URLs:
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
# Add a trailing slash to /wp-admin
RewriteRule ^wp-admin$ wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^(.*\.php)$ $1 [L]
RewriteRule . index.php [L]Common .htaccess Use Cases for WordPress
Beyond default settings, the .htaccess file offers a range of customization options to improve your WordPress site. Let’s explore some of the most common applications.
Redirect Visitors to a Custom Error Page
Instead of showing a generic 404 error page, you can redirect visitors to a custom error page for a better user experience. Add the following to your .htaccess file:
RewriteEngine On
Redirect 301 /old-url/ http://example.com/new-url/Replace /old-url/ and http://example.com/new-url/ with the relevant paths.
Ban Specific IP Addresses
If you need to block malicious visitors, you can ban their IP addresses with this rule:
Require all granted
Require not ip xxx.xxx.xxx.xxxReplace xxx.xxx.xxx.xxx with the IP address you want to block.
Password Protect Your WordPress Folders
To secure sensitive directories like wp-admin, you can password protect them. Start by creating an .htpasswd file containing usernames and encrypted passwords. Then, upload it to your server and add the following code to .htaccess:
AuthName "Restricted Area"
AuthUserFile /path/to/.htpasswd
AuthGroupFile /dev/null
AuthType Basic
Require valid-userReplace /path/to/.htpasswd with the correct path to your .htpasswd file.
Increase WordPress File Upload Size
Need to upload larger files? You can increase the upload limit with these directives:
php_value upload_max_filesize 128M
php_value post_max_size 128M
php_value max_execution_time 300
php_value max_input_time 300Always check with your hosting provider before implementing this change to avoid potential conflicts.
Disable Image Hotlinking
Prevent other sites from using your server bandwidth by hotlinking to your images:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?example.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [F]Replace example.com with your domain name.
Rules Not Working?
If your .htaccess rules aren’t working, consider the following:
- Check for Disallowed Rules: Some hosting providers block certain directives for security reasons. Commonly disallowed rules include:
AddHandlerSetTypephp_value
- Triple-Check Syntax: Typos are a common issue. Ensure your rules are correctly formatted.
- Hosting Environment: If your site runs on NGINX-only mode,
.htaccesswon’t be applied. Instead, configure NGINX directly. - Permissions: Ensure the
.htaccessfile has the correct permissions (644 is typical).
If issues persist, consult your hosting support team for assistance.
Final Thoughts
The .htaccess file is a powerful tool that can significantly improve your WordPress site’s functionality, security, and performance. From custom redirects to preventing hotlinking, its versatility makes it invaluable for any site owner. However, always back up your site before making changes and consult your hosting provider when in doubt.
