Anyone who edits a WordPress website or blog will have come across an important file: .htaccess. The .htaccess file lets you configure different server functions and make changes to how your web pages are served.
Keeping your website safe should be your top priority. WordPress is a secure platform, but that does not mean it is not vulnerable to attacks. Fortunately, with the use of the .htaccess file, you can tweak and harden your site’s security. By editing the file, you can ban users, create redirects and prevent attacks.
In short, this file helps safeguard a WordPress website and boosts its performance. Below we have shared a few things that you can do with your WordPress .htaccess file.
What can you do with WordPress .htaccess File?
Located in the root folder, the WordPress .htaccess file makes it easier to enable or disable different functions on the server. All WordPress websites use the .htaccess file by default to reset the site's permalink structure or to create redirects. It also helps with website security, including password protection and preventing script injection attacks.
What is the .htaccess file?
The name .htaccess is short for hypertext access. It is a configuration file that determines how Apache-based servers interact with your website.
- It helps to control the directory files and the access feature.
- It helps you to enable or disable different functions of the server.
- It creates a redirection from non-www to www URLs and resets the permalink structures.
- The .htaccess files also handle WordPress security settings. You can use it to set file privileges and configure password protection.
WordPress uses the .htaccess file to generate an SEO-friendly URL structure. The file is located in the root folder, and you will need to connect to your website using an FTP client. Before you edit the file, save a copy on your system as a backup.
What more can be done with WordPress .htaccess File?
1. Protect the Admin Area
You can protect your WordPress admin area with the .htaccess file by limiting access to selected IP addresses. Copy the code given below, and don't forget to replace the xx placeholders with your own IP address.
For more than one IP address, add one allow line per address. Limiting access to the WordPress admin area helps secure your WordPress website.
AuthName "WordPress Admin Access Control"
# evaluate deny rules first, then let the allow lines override them
order deny,allow
deny from all
# whitelist Syed's IP address
allow from xx.xx.xx.xxx
# whitelist David's IP address
allow from xx.xx.xx.xxx
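The same restriction in Apache 2.4 syntax, as an added example that is not the article's own code. On Apache 2.4 the order/deny/allow directives above only work when mod_access_compat is loaded. The addresses are documentation placeholders, and the two file locations (wp-admin/.htaccess and the site-root .htaccess) are assumptions about a standard WordPress layout.

```apache
# --- File 1: wp-admin/.htaccess (added example, placeholder addresses) ---
<IfModule mod_authz_core.c>
    # Only these clients may reach anything under wp-admin/.
    Require ip 203.0.113.10
    Require ip 198.51.100.0/24

    # Themes and plugins call admin-ajax.php on behalf of ordinary visitors,
    # so this one file stays reachable; WordPress still applies its own
    # login and nonce checks to each AJAX action.
    <Files "admin-ajax.php">
        Require all granted
    </Files>
</IfModule>

# --- File 2: site-root .htaccess ---
# wp-login.php lives outside wp-admin/, so the rules in File 1 do not cover
# the login form. Restrict it to the same addresses.
<IfModule mod_authz_core.c>
    <Files "wp-login.php">
        Require ip 203.0.113.10
        Require ip 198.51.100.0/24
    </Files>
</IfModule>
```

Check the result from an address that is not on the list: /wp-admin/ and /wp-login.php should return 403 while the public site still loads.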
3. Load your site securely with HTTPS
An SSL certificate makes your website more secure. Use the following code for loading HTTPS:
With the code, your website will redirect any HTTP request to HTTPS. If a user attempts to access the website over HTTP, the request is switched to HTTPS. This improves the security of your WordPress website.
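An added example (not the original article's code) of the HTTP-to-HTTPS redirect described above, assuming mod_rewrite and mod_headers are enabled. www.example.com is a placeholder for the site's canonical hostname, and the proxy header line is an assumption that applies only when TLS is terminated in front of Apache.

```apache
# Site-root .htaccess, placed above the "# BEGIN WordPress" block.
<IfModule mod_rewrite.c>
    RewriteEngine On
    # Apache terminates TLS itself: HTTPS is "on" for encrypted requests.
    RewriteCond %{HTTPS} !=on
    # Keep the next line ONLY when a proxy or load balancer terminates TLS
    # and sets X-Forwarded-Proto; without it such a setup redirects forever.
    # RewriteCond %{HTTP:X-Forwarded-Proto} !=https
    # Redirect to a fixed hostname instead of %{HTTP_HOST}, so a forged
    # Host header cannot choose where the visitor is sent.
    RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301,L]
</IfModule>

<IfModule mod_headers.c>
    # Sent on HTTPS responses only. After the first secure visit the browser
    # stops using plain HTTP for this host for one year, which closes the
    # window in which the initial HTTP request could be intercepted.
    Header always set Strict-Transport-Security "max-age=31536000" env=HTTPS
</IfModule>
```

Confirm the certificate is valid for the hostname before enabling the Strict-Transport-Security header, because browsers that have seen it will refuse to fall back to HTTP.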
5. Change Cache Settings
Browser caching saves temporary files on the visitor's local device, which enables the pages to load faster. Using the .htaccess file, you can modify how long your files are stored in the browser cache before they are updated with new versions. You can do this with the mod_headers module. The following code will change the caching time for png, jpeg, and gif files.
You can change the time and the file extensions that will be affected by the change. To apply different settings to different extensions, add another mod_headers block.
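An added example (not the original article's code) of the mod_headers caching rule described above. The lifetimes and the second extension group are assumptions chosen for illustration.

```apache
<IfModule mod_headers.c>
    # Images: browsers may reuse the cached copy for 30 days (2592000 s).
    <FilesMatch "\.(png|jpe?g|gif)$">
        Header set Cache-Control "max-age=2592000, public"
    </FilesMatch>

    # A separate block gives another group of extensions its own lifetime,
    # here one day (86400 s) for stylesheets and scripts.
    <FilesMatch "\.(css|js)$">
        Header set Cache-Control "max-age=86400, public"
    </FilesMatch>
</IfModule>
```

The patterns match static files only, so pages generated by PHP, including logged-in and admin responses, are not marked as publicly cacheable.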
7. Setting 301 Redirects With .htaccess file
Using 301 redirects, you can tell your users that content has moved to a new location, which is an important feature from an SEO perspective. You can quickly set up the redirects using the .htaccess file with the following code. Replace the example with your domain name.
Redirect 301 /category/television/ http://www.example.com/category/tv/
A small mistake in changing your .htaccess code can make your WordPress site inaccessible. It may also show internal server errors. Always take a backup when you change the settings for 301 redirects.
9. Increase the File Upload Size in WordPress
There are different ways to increase the file upload size limit. One is to add the following code to the .htaccess file. The code tells the web server to use different values to increase the file upload size and the maximum execution time in WordPress. However, for shared hosting users, this method may not work.
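# largest single uploaded file PHP will accept
php_value upload_max_filesize 64M
# largest POST body; must be at least upload_max_filesize
php_value post_max_size 64M
php_value max_execution_time 300
php_value max_input_time 300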