{"id":37762,"date":"2022-10-28T07:00:37","date_gmt":"2022-10-28T14:00:37","guid":{"rendered":"https:\/\/dhblog.dream.press\/blog\/?p=37762"},"modified":"2025-05-21T18:01:16","modified_gmt":"2025-05-22T01:01:16","slug":"guide-to-wp-and-htaccess","status":"publish","type":"post","link":"https:\/\/www-dev.dreamhost.com\/blog\/guide-to-wp-and-htaccess\/","title":{"rendered":"Beginner\u2019s Guide to the WordPress .htaccess File"},"content":{"rendered":"\n

Keeping your site safe should be a top priority for every administrator. WordPress is a secure platform<\/a> out of the box, but that doesn\u2019t mean it\u2019s impervious to attacks. Fortunately, even if you aren\u2019t a security expert, you can use a file called .htaccess<\/i> to harden your site\u2019s security policies.<\/p>\n\n\n\n

.htaccess<\/i> is a configuration file<\/a> for the Apache web server, which serves many WordPress sites. It\u2019s a powerful tool that helps safeguard your site and boost its performance through some minor tweaks to its code. By editing this file, you can ban users, create redirects, prevent attacks, and even deny access to specific parts of your site.<\/p>\n\n\n\n

An Introduction to the .htaccess File<\/b><\/h2>\n\n\n\n

.htaccess<\/i> is short for \u201cHyperText Access.\u201d It\u2019s a configuration file that determines how Apache-based servers<\/a> interact with your site. In simpler terms, .htaccess<\/i> controls how files in a directory can be accessed. You can think of it as a guard for your site because it decides who to let in and what they\u2019re allowed to do.<\/p>\n\n\n\n

By default, an .htaccess<\/i> file is typically included in your WordPress installation<\/a>. The main purpose of this file is to improve security and performance. Plus, it also enables you to override your web server\u2019s settings.<\/p>\n\n\n\n

You\u2019ll most likely find your .htaccess<\/i> file in your site\u2019s root directory. Since .htaccess<\/i> applies to both its own directory and any subdirectories within that main folder, it impacts your entire WordPress site.<\/p>\n\n\n\n

It\u2019s also worth noting that the .htaccess<\/i> file does not have a file extension. The period at the start simply makes sure the file remains hidden.<\/p>\n\n\n\n

How to Edit Your WordPress .htaccess File<\/b><\/h2>\n\n\n\n

Editing the .htaccess<\/i> file is, in practice, as simple as editing any other text file. However, because this is a core file, making changes to it can have unintended consequences.<\/p>\n\n\n\n

For this reason, it\u2019s vitally important that you back up your site<\/a> before you begin, regardless of whether you\u2019re a beginner or an experienced developer.<\/p>\n\n\n\n

When you\u2019re ready to edit your .htaccess<\/i> file, you can access it using Secure File Transfer Protocol (SFTP)<\/a> or Secure Shell (SSH<\/a>). You will find .htaccess<\/i> in your site\u2019s root directory:<\/p>\n\n\n

\n
\"WordPress<\/figure><\/div>\n\n\n

Open the file using your preferred text editor, such as TextEdit or Notepad. If the file hasn\u2019t been edited before, you\u2019ll see the following default information:<\/p>\n\n\n

\n
\"WordPress<\/figure><\/div>\n\n\n

It\u2019s important not to add or change anything between the # BEGIN and # END tags. Instead, all new code should be added after this block.<\/p>\n\n\n\n

At this point, all you need to do is add your code and save the file. When you\u2019re including multiple new functions, it\u2019s best to save and test each one separately. If an error occurs, this will make it much easier to troubleshoot which change caused the problem.<\/p>\n\n\n\n

While almost all WordPress installations will already contain an .htaccess<\/i> file, in some cases, you may need to create one. You can do this using a text editor of your choice, as long as you save it with the right file name: .htaccess<\/i> with no extension.<\/p>\n\n\n\n

It\u2019s also important to configure the file\u2019s permission settings<\/a> correctly. You can then upload .htaccess<\/i> to your site\u2019s root directory.<\/p>\n\n\n\n

9 Things You Can Do With Your WordPress .htaccess File<\/b><\/h2>\n\n\n\n

Now that you\u2019re familiar with the .htaccess<\/i> file, it\u2019s time to get up close and personal. We\u2019re going to introduce a number of ways you can easily boost your site\u2019s security and performance by editing this file.<\/p>\n\n\n\n

Simply use the code snippets we\u2019ve provided below, and remember to create a backup before you start!<\/p>\n\n\n\n

1. Deny Access to Parts of Your Site<\/b><\/h3>\n\n\n\n

One of the most useful things you can do with .htaccess<\/i> is deny access<\/a> to certain pages and files. There are a few files you should consider hiding in this way for security reasons, such as your wp-config.php file<\/a>.<\/p>\n\n\n\n

You can do this by adding the following code, which will cause a 404 error<\/a> to appear if anybody attempts to view the file:<\/p>\n\n\n\n

<Files ~ \"\/wp-config.php\">\nOrder Allow,Deny\nDeny from All\n<\/Files><\/pre>\n\n\n\n
In cases where sensitive data should be hidden, it can be useful to restrict access to the corresponding directory. Since many WordPress sites use the same folder structure, this setup can leave your site vulnerable. If you add the following line, it will disable the default directory listing functionality:<\/p>\n\n\n\n
Options -Indexes<\/pre>\n\n\n\n
This will stop users and robots from viewing your folder structure. If anybody tries to access it, they\u2019ll be shown a 403 error<\/a> page instead.<\/p>\n\n\n\n
2. Redirect and Rewrite URLs<\/b><\/h3>\n\n\n\n
Creating redirects<\/a> enables you to automatically send users to a specific page. Redirects can be particularly useful if a page has moved or been deleted, and you want users who attempt to access that page to be taken somewhere else.<\/p>\n\n\n\n
You can accomplish this with a plugin such as Redirection<\/a>, but it\u2019s also possible to do it by editing the .htaccess<\/i> file. To create a redirect, use the following code:<\/p>\n\n\n\n
Redirect \/oldfile.html http:\/\/www.example.com\/newfile.html<\/pre>\n\n\n\n
You can probably see what\u2019s going on here. The first part is the path to the old file, while the second part is the URL you want visitors to be redirected to.<\/p>\n\n\n\n
\n\n\n
Get Content Delivered Straight to Your Inbox<\/h2>
Subscribe now to receive all the latest updates, delivered directly to your inbox.<\/p>
<\/div>