WordPress Hosting Coupon Code | 3 Months | 100% OFF Get Offer

WordPress .htaccess File: What It Is and What You Can Do With It!

Ahsan Parwez — August 20, 2019 9 Minutes Read
WordPress htaccess redirect http to https

What is WordPress .htaccess file? If you’re asking this question, then you’re already on the right track to become a great WordPress developer, because knowing what each file does in WordPress is important. And if you break down and understand what each file does in the WordPress file structure, everything becomes easy to digest.

In this article, though, I’m going to focus on the .htaccess file in your WordPress website and teach you how to optimize your site’s speed, improve its security, and other useful ways to utilize the WordPress .htaccess file.

What is WordPress .htaccess file?

The WordPress .htaccess file is one of the core files that can be used to optimize the speed of your website, improve its security, and also set specific redirection rules on your WordPress website.

The main purpose of htaccess is to define rules for web servers (Apache) on how to operate your website (WordPress). The default WordPress .htaccess file controls how pretty links (permalinks) are displayed on your WordPress site, but there is a lot more you can do with htaccess file in WordPress.

Before We Begin

Editing WordPress files without a backup is never a good idea. Hence, I suggest that you employ one of the following methods before we edit the htaccess file:

Backup WordPress Website – You should have a backup policy, which is one of the most foolproof security steps that you should take by backing up your entire WordPress website.

Also read: Best WordPress Backup Plugins

Create a local copy of your WordPress website – You can install WordPress locally on your Mac or PC and copy your live website to it to make edits. If everything works well, you can copy your htaccess file to your live site (won’t work for URL redirect rules, though).

Create WordPress staging/dev website – A very common feature among managed WordPress hosting providers is to create a staging and dev site. The staging site lives on a temporary URL and is a copy of your live website. You can make changes on dev site and push the changes to your live site once you’re done. Cloudways, Pantheon, and Siteground are some hosting providers that are known for providing this feature.

Backup current WordPress htaccess file – You can create backups of your htaccess file before making the edits. If anything breaks after editing htaccess, you can simply replace it with your backed up file.

How to Access .htaccess File

The first two questions that WordPress beginners will ask “Where is htaccess file in WordPress?” and “How to access htaccess file?”. Well, you can find htaccess file in the root directory (public_html) of your WordPress website and to access it you can use an FTP client like FileZilla.

If you can’t find htaccess file in the WordPress root directory, then maybe your WordPress website does not have a default htaccess file or your FTP client is not showing the hidden files. The htaccess is a hidden file by default, that is why it starts with a “.”.

To enable viewing hidden files in FileZilla, do the following:

  • Open the Filezilla FTP and connect to your webserver.
  • Navigate to the root directory where WordPress is installed.
  • From the menu bar at the top of the screen select Server.
  • Select “Force showing hidden files”.

If you still can’t see any htaccess file after displaying the hidden files, that means your WordPress website does not have .htaccess file. Don’t worry, though, because your WordPress is running default rules for “permalinks”.

To generate the htaccess, login to your WordPress Admin, navigate to Settings > Permalinks and click on save changes.

After doing this, refresh your FTP client screen and you will see the htaccess file with default the code.

What Can You Do with htaccess File in WordPress

Now that you know how to get in htaccess file, it is time to take a deep dive into what specific rules you can define within the WordPress htaccess file. I’ll break down the rules into three categories:

  • Redirect Rules
  • Improving WordPress speed
  • Making WordPress secure

Setting up Redirects

First, let’s cover the most common redirect rules you can implement on your WordPress website.

301 (Permanent) Redirect

The 301 redirect rule tells your visitor’s browser and the search engine bots that a certain URL has moved permanently to another URL. Here’s a common redirect rule that SEOs use to retain the ranking of their pages within SERPs:

Redirect 301 /oldpage.html http://www.yourwebsite.com/newpage.html

302 (Temporary) Redirect

If you’re working on the main URL and want to temporarily redirect visitors to another page for some time, then you may need to use a 302 redirect rule.

Redirect 302 /oldpage.html http://www.yourwebsite.com/newpage.html

Force URL to www

If you want your URL to always start with www then use the following code that will make your URLs consistent across the entire site:

Force URL to Non-www

Similarly, if you prefer cleaner URLs without the www, the following code will do it for you:

Force HTTPs

If you’re using an SSL certificate on your WordPress website, you’d probably want all your visitors and search engine crawlers to redirect to the HTTPs version of your website. Use this code:

Force HTTP

For forcing non HTTPs connections on your website, use the following code.

Redirect Domain To Sub-Directory

You can redirect a domain to a subdirectory using the following rule:

Redirect a Primary Domain to Another Domain

If you have two or more domain names, for example, abc.com, abc.net, and abc.org, etc., and want all of them to redirect to one domain then you can add redirect rules in the domains that you want to redirect to your primary domain:

Redirect 301 / http://www.abc.com/

Add the above rule in abc.net and abc.org to make them redirect to abc.com.

Removing the Query_String

Your website URLs will display the same content when accessed by adding a query string in the end. For example myblog.com can also be accessed via myblog.com/?my=query. If these query strings get crawled by the search engines, this would create duplicate content.

And easy way to get rid of this issue is to redirect and remove query strings using this code:

Setting the Language Variable Based on Client

For multilingual WordPress websites, the best way to redirect visitors to their preferred language is detecting their browser language and redirecting them to it by adding the following rule in the htaccess file:

Note: Many multilingual WordPress plugins do that on their own.

Redirecting WordPress Feeds to Feedburner

WordPress generates RSS feeds for posts by default, but if you’d like to use a third-party feed generator like Feedburner, then use the following code:

Optimizing WordPress Speed Using htaccess Rules

Many caching rules and expiry of WordPress assets can be set within the htaccess file. That means that you can actually add rules to optimize your WordPress website’s speed.

Set Expires Headers for Browser Cache

Many browsers today temporarily cache elements like CSS, JS, HTML and some media files like a favicon of frequently visited websites. If these elements on your WordPress site don’t change frequently, then you can increase the expiry times of these assets using the following rules:

Enable Gzip Compression

GZIP is a compression method that has gained significant popularity and has become the standard compression method for many WordPress cache plugins. It compresses the files and creates temporary files to be used instead.

If you want to manually enable GZIP compression within a WordPress website, add the following rule to your htaccess file:

Increasing Max Upload File Size Using WordPress htaccess File

This rule will let you upload larger files on your WordPress website. By default, the upload file size of many WP sites is around 10MB to 25MB, but if you want to increase it, use the following code:

there are many ways other ways also How to Increase WordPress Upload Size check that out 🙂

Improve Your WordPress Website’s Security

When it comes to security, there are htaccess rules that you can add to restrict user access to files or URLs, block access to files, and much more.

Protect .htaccess

An attacker can take down your entire website by injecting malicious rules into your htaccess file, hence, it’s important to protect it. Add the following rule to deny all access to htaccess file:

Restrict Access to WordPress Admin Panel

WordPress websites are prone to attacks, like Brute force attacks, that attempt to log in to your website admin. If you want to completely restrict access to your dashboard, create a new htaccess file and place it in /wp-admin folder and add the following code.

Note: xx.xx.xx.xx is the IP address that you want to Whitelabel. Only this IP address will be able to login to your website.

Password Protect single file

You can protect files with a password using the following htaccess rules.

Secure Important Files

There are other critical files that you should protect, like php.ini, wp-config.php, and to do that, add the following rules to restrict access:

Protect /wp-content/

The folder /wp-content contains the theme files, images, and cached files. The attackers will try to get access to the files within this folder and inject malicious codes. Use this code to keep them out:

Block IP Address

If you know the attackers IP address (you can get the IP from your website logs) you can block it using the following htaccess rules:

Deny Access To Certain Files

Just like blocking a specific IP address, you can block access to specific files using this code:

Prevent Files image/file Hotlinking and Bandwidth Stealing

Images and files can be stolen and multiple requests against image and file URLs can be generated. This type of attack will increase your bandwidth usage and will potentially slow your website down. To prevent hotlinking, use the following htaccess rule:

Conclusion

The WordPress htaccess file is no doubt one of the most important files in the WordPress directory. Using it the right way will increase your website’s level of security and also help optimize its speed. Apart from security and speed, htaccess files have powerful rules to change the default behavior of your WordPress website. That is why I recommend each WordPress developer to have a deeper understanding of each rule that can be used within this file.

If you have any questions or would like to request a rule for anything specific, just use the comments section below and I’ll get back to you!

Subscribe to Get a FREE WordPress Ebook Right in Your Inbox

WPblog provides the complete guide to launch your WordPress website completely FREE!

Ahsan is the Community Team Manager at Cloudways - A Managed Cloud Hosting Platform. He loves to solve problems and help Cloudways' clients in any aspect he can. In his free time, you can find him playing RTS PC games.

THERE'S MORE TO READ

Newsletter

WP HelpZone - Ultimate WordPress Pit-Stop

Learning WordPress? Or are you expert enough to help others? Join our WP Facebook group!

Also be a part of Giveaways & Discounts exclusively for YOU!