Things You Can Do With Your WordPress .htaccess File

People who know how to edit a WordPress website or blog also know about an important file .htaccess. The .htaccess file lets you do many things such as configure different functions and allows you to make changes to your web pages.

Keeping your website safe should be your top priority. WordPress is a secure platform, but that does not mean it is not vulnerable to attacks. Fortunately, with the use of the .htaccess file, you can tweak and harden your site’s security. By editing the file, you can ban users, create redirects and prevent attacks.

In short, this file helps safeguard a WordPress website and boosts its performance. Below we have shared a few things that you can do with your WordPress .htaccess file.

Verified 4 Hour(s) Ago

6258 Users Have Claimed This Offer!

Editor's Choice

[EXCLUSIVE OFFER] Flat 60% off on Shared, WordPress, Cloud, Reseller, and VPS hosting+ Free. COM Domain & SSL. LIMITED TIME ONLY.

SUNSHINE

Ending Soon. Hurry!

Just Click to Visit, Coupon Will be Applied Automatically.
Easy EMI Options Available for Buying Hostgator Hosting
Best Shared, Reseller, Cloud, VPS & WordPress Hosting. Limited Time Only!
Up to 60% off on Shared & Wordpress Hosting.
60% off on Reseller, Cloud & VPS Hosting on min. 3 months
60% off on Dedicated Server for first month.
Discount Applicable on Coupon Use.

What can you do with WordPress .htaccess File?

Located in the root folder, the WordPress .htaccess file makes it easier to enable/disable different functions on the server. All WordPress websites use .htaccess file by default to reset the site’s permalinks structure or to create redirection. It also helps with website security, including password protection, preventing script injection attacks, etc.

Contents

What can you do with WordPress .htaccess File?
What is the .htaccess file?
What more can be done with WordPress .htaccess File?
1. Protect the Admin Area
2. Limit Access to Parts of Your Website
3. Load your site securely with HTTPS
4. Prevent Script Injection Attacks
5. Change Cache Settings
6. Prevent Image Hotlinking
7. Setting 301 Redirects With .htaccess file
8. Control Your File Extensions
9. Increase the File Upload Size in WordPress
To Conclude,

Top

What is the .htaccess file?

A .htaccess file is a short form of hypertext access. It is a configuration file that helps determine how the Apache-based servers interact with your website.

It helps to control the directory files and the access feature.
It helps you to enable or disable different functions of the server.
It creates a redirection from non-www to www URLs and resets the permalink structures.
The .htaccess files also handle WordPress security settings. You can use it to set file privileges and configure password protection.

WordPress uses the .htaccess file to generate an SEO-friendly URL structure. The file is located in the root folder, and you will need to connect to your website using an FTP client. Before you edit the file, save a copy on your system as a backup.

Further reading: Essential Settings You Shouldn’t Miss After WordPress Installation

Top

What more can be done with WordPress .htaccess File?

1. Protect the Admin Area

You can protect your WordPress admin area with the .htaccess file by limiting access to the selected IP address. Copy the code given below, and don’t forget to change the values of XX in the given codes.

For more than one IP address, make sure you add them to the value. Limiting access to the WordPress admin area helps secure your WordPress website.

‘AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName “WordPress Admin Access Control”
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
# whitelist Syed’s IP address
allow from xx.xx.xx.xxx
# whitelist David’s IP address
allow from xx.xx.xx.xxx
</LIMIT>’

Top

2. Limit Access to Parts of Your Website

Use the .htaccess file to deny access to certain pages of your website such as the Wp-config.php file. By adding the following code, a 404 error will be shown when someone attempts to view the file.

‘<Files ~ “/wp-config.php”>Order Allow,DenyDeny from All</Files>’

You can also restrict access to sensitive data. Since most WordPress websites use a similar structure, your site can be vulnerable to attacks. If you add – Options-Indexes, it will disable the default directory function, which will stop robots and viewers from viewing the structure.

Top

3. Load your site securely with HTTPS

An SSL certificate makes your website more secure. Use the following code for loading HTTPS:

‘RewriteEngine OnRewriteCond %{HTTPS} !=onRewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]’

With the code, your website will redirect any HTTP request to HTTPS. If a user attempts to access the website with an HTTP code, the access will change to HTTPS. This will enhance the security feature of your WordPress website.

Top

4. Prevent Script Injection Attacks

Script injections change how the site application executes by adding invalid code. If someone adds a script to the text field of your website and submits it, it can cause your website to run the script. Add the following code to prevent script injection attacks:

‘Options +FollowSymLinksRewriteEngine OnRewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})RewriteRule ^(.*)$ index.php [F,L]’

With the above code, your site will detect and stop script injection by redirecting the culprit to the index.php page. But, this code will not protect against every attack, so you need to be aware. The code may be useful, but it is not the only protection function.

Top

5. Change Cache Settings

Browser caching saves temporary files on the visitor’s local device, which enables the pages to load faster. Using the .htaccess file, you can modify the time your files are stored in the browser cache as they are updated with new versions. Using the mod_headers function you can do this. The following code will change the caching time for png, jpeg, and gif files.

<ifModule mod_headers.c><filesMatch “\\.(jpg|jpeg|png|gif)$”>Header set Cache-Control “max-age=2592000, public”</filesMatch>

You can change the time and file extensions that will be affected by the change. For adding different settings for different extensions, add the mod_header function.

Top

6. Prevent Image Hotlinking

When images on your server are displayed on another site, it causes the problem of image hotlinking. You can stop this by adding a code to .htaccess.

‘RewriteEngine OnRewriteCond %{HTTP_REFERER} !^$RewriteCond %{HTTP_REFERER} !^https://(www\.)?example.com/.*$ [NC]RewriteRule \.(png|gif|jpg|jpeg)$ https://www.example.com/wp-content/uploads/hotlink.gif [R,L]’

Replace the above ‘example’ with your domain name to prevent the images from loading on different websites. You can use the function to send an alternative to websites that try to display images from your site server. Consider linking to a script image than a static one, respond to the watermarked images, which has an ad.

Top

7. Setting 301 Redirects With .htaccess file

By using the 301 redirects, you can tell your users that the content has moved to a new location, and it is an important feature from an SEO perspective. You can quickly set up the redirects using the .htaccess file. You need to use the following code for setup. Replace the example with your domain name.

‘Redirect 301 /oldurl/ http://www.example.com/newurl
Redirect 301 /category/television/ http://www.example.com/category/tv/

A small mistake in changing your .htaccess code can make your WordPress site inaccessible. It may also show internal server errors. Always take a backup when you change the settings for 301 redirects.

Top

8. Control Your File Extensions

You can control file extensions by using the .htaccess file on WordPress. With this feature, you will be able to run different files as PHP. The following code helps to remove the file extension from PHP when they are loaded.
Use this code with any file and replace the instances of the PHP. It will cause all the PHP files to load without displaying the extension in the URL. For example, the index.php will remain as an index.

‘RewriteEngine OnRewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*index\ HTTP/RewriteRule ^(.*)index$ http://example.com/$1 [L,R=301] RewriteCond %{REQUEST_FILENAME} !-dRewriteRule ^([^/]+)/$ http://example.com/$1 [L,R=301] RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(.+)\.php\ HTTP/RewriteRule ^(.+)\.php$ http://example.com/$1 [L,R=301]RewriteRule ^([a-z]+)$ /$1.php [L]’

Top

9. Increase the File Upload Size in WordPress

You can use different ways to increase the file upload size limit. The following code can be added to .htaccess file to do the same. The code tells the webserver to use different values to increase the file upload size and the maximum execution time in WordPress. However, for Shared hosting users, the above ways may not work.

‘php_value upload_max_filesize 64M
php_value post_max_size 64M
php_value max_execution_time 300
php_value max_input_time 300’

Top

To Conclude,

The .htaccess files help your site to function properly. It tells your server about the content to load or how to run the server. The file helps in setting up the WordPress security settings such as preventing or blocking spambots. It also lets you block the author scans and disable access to the XML-RPC file.

It provides flexibility in controlling a server. You can use the .htaccess file for added password protection to your WordPress admin area. Creating the file won’t take time, and you can do it in simple steps.