How to Create, Locate, and Edit the WordPress .htaccess File

Try this guide with our instant dedicated server for as low as 40 Euros

htaccess file

WordPress is a free and open-source content management system (CMS) that powers an impressive portion of websites on the Internet. 

Non-technical users can use WordPress to create amazing websites and manage content without worrying about maintaining website design and content. 

Most of the capabilities that make WordPress such an amazing CMS originate from the configurations in the WordPress .htaccess file. In most cases, this file is used to implement redirects or enable HTTPS.

The .htaccess file is a crucial configuration tool that Apache web servers and WordPress sites use to manage how a WordPress site responds to various server requests and manipulate server-side functions such as URL redirections, server signatures, file caching, password protections, and the customization of error pages.

As such, understanding the workings of the .htaccess file is essential for controlling your website’s behavior and enhancing its performance. 

In this comprehensive tutorial, we will show you how to edit and set up the default .htaccess WordPress file for websites. 

Let’s start with a quick look at the nature of the .htaccess file.

Table Of Contents

  1. What is a .htaccess File?
    1. Uses of .htaccess File
  2. How to Find the .htaccess File
    1. Method #1: Access the File via cPanel
    2. Method #2: Access the File via an FTP Client
  3. How to Create a Default .htaccess WordPress File
  4. How to Edit the WordPress .htaccess File
    1. Method #1: Edit the File via cPanel
    2. Method #2: Edit the File via an FTP Client
  5. WordPress .htaccess: The Common Configurations
  6. WordPress .htaccess Security Tips
    1. Tip #1: Restrict Access
    2. Tip #2: Disable Directory Listing
    3. Tip #3: Prevent Image Hotlinking
    4. Tip #4: Limit File Uploads
  7. Conclusion
  8. FAQs

What is a .htaccess File?

Before diving into how to access, create, and edit a .htaccess file, let us understand what is the .htaccess file?

The .htaccess (short for hypertext access) file, is an essential configuration file widely used in web servers, particularly with Apache and WordPress platforms. It is a simple plain text file that contains a variety of configuration directives for the server. In most cases, the file is located in the root directory of a website.

Uses of .htaccess File

In WordPress, the main function of the .htaccess file is to manage permalinks for the website. Beyond handling permalinks, this file offers a variety of configuration options that can enhance a website’s functionality and user experience.

The following table outlines the common uses and benefits of the .htaccess file:

Uses of .htaccess File

Using the .htaccess file allows WordPress administrators to customize and secure a website based on particular needs.

How to Find the .htaccess File

The default .htaccess WordPress file is found in the root directory of your WordPress installation. Given the critical importance of this file, it is often hidden to prevent unintentional access and modification.

Thus, you may need to adjust your file manager settings to display hidden files to access this file. You can access this file in two different methods, depending on your hosting setup:

Method #1: Access the File via cPanel

To locate the default .htaccess WordPress file through cPanel, follow these steps:

Step#1: Login to cPanel

Sign in to your cPanel dashboard with the appropriate login credentials. If you haven’t modified it, we recommend using the credentials provided by your hosting providers. 

Step#2: Use the File Manager

Navigate to the Files section and launch the File Manager application.

Use the File Manager

Step #3: Find the WordPress Folder

Identify and click the folder containing your WordPress installation. This folder is typically named www or public_html

If it is not immediately visible, the file is hidden, and you need to apply the next step to “unhide” it.

Step #4: Show Hidden Files( If necessary)

To view the hidden files, start by clicking Settings at the top right corner of the File Manager. 

Select Show Hidden Files (dotfiles). 

Next, click Save to apply the changes.

Show Hidden Files

You can now see the hidden files in the current folder.

Method #2: Access the File via an FTP Client

If you don’t have access to a cPanel account, you can locate the .htaccess file using an FTP client like FileZilla. Here are the steps of the process:

Step #1: Connect to your Website

Launch the FTP client and establish a connection to the WordPress website using the FTP credentials provided by your hosting provider.

Step #2: Navigate to Root Directory

 Locate and access the root directory of your website. This folder is commonly named www or public_html.

If it is not immediately visible, the hosting provider has hidden the folder (and the files in them). For this, you can apply the next step.

Step #3: Show Hidden Files (if necessary)

If the .htaccess file isn’t immediately visible, adjust your FTP client’s settings to show hidden files. 

Navigate to the Server option in FileZilla.

Select Force showing hidden files.

Force showing hidden files

Note: The specific steps to show hidden files might vary depending on your FTP client. Refer to your client’s documentation for detailed instructions.

Step #4: Locate the .htaccess File

Once you enable viewing hidden files, the .htaccess file becomes visible in the current directory.

How to Create a Default .htaccess WordPress File

In some instances, WordPress may not automatically generate a default .htaccess file, or it could be missing due to various reasons. 

In these rare cases, you can create a .htaccess file manually. This process has the following steps:

Step #1: Locate the Root Directory

Access your cPanel dashboard and navigate to the Files section. 

Launch the File Manager application.

Step #2: Find your WordPress Folder

Navigate to the root directory of your WordPress installation. This folder is usually named public_html or www.

Step #3: Create a New File

Click + File at the top left corner to create a new .htaccess file.

Enter .htaccess as the file name and click Create New File to proceed.

Create a New File

Step #4: Edit the File

Open the newly created file for editing. 

In the cPanel, select the file and click Edit on the top. Alternatively, you can right-click the file and select Edit from the context menu.

Edit the File

Step #5: Paste the Standard Content

Insert the following into the file:

BEGIN WordPress

RewriteEngine On

RewriteBase /

RewriteRule ^index\.php$ - [L]

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule . /index.php [L]

END WordPress

This boilerplate content is automatically generated by WordPress and is often considered the default .htaccess content. It manages permalink structures and URL rewriting.

Step #6: Save the File

Save the newly created .htaccess file and Exit.

How to Edit the WordPress .htaccess File

Modifying the .htaccess file is a simple way of having extensive control over the WordPress website’s functionality and behavior. 

It is an essential step in tailoring server settings, improving the functionality of the WordPress website, managing permalinks, and enhancing security. Similar to creating the file, you can modify the WordPress .htaccess in two methods.

Important: Before making any changes, backup the .htaccess file to your local machine. This ensures you can restore the file to a working version if something goes wrong during editing.

Method #1: Edit the File via cPanel

Login to cPanel with your credentials. Locate the File Manager and navigate to the WordPress Folder. 

Locate the .htaccess File and bring up the context menu. Select Edit to start editing the content of the file. 

Once you complete the edits, click Save to preserve these changes.

Method #2: Edit the File via an FTP Client

To edit the .htaccess file using an FTP client, follow these steps.

Use the FTP client to connect to your website. Navigate to the root directory and right-click the .htaccess file. 

Select Download to transfer the file to your system. This creates a local rollback file that you can use to quickly restore the website functionality. Make a copy of this file. 

Open this copy in your preferred editor. This allows you to make changes while keeping a local copy for quick reversion to the original configuration if necessary.

Once you have made the necessary edits, save the file. 

Now, use the FTP client to upload the modified .htaccess file back to the root directory of your website, overwriting the existing file.

Note: When using a Linux terminal, you can modify the file with vim by entering the command 

# sudo vim [root_directory]/.htaccess.

WordPress .htaccess: The Common Configurations

You can implement a range of configuration options by editing the .htaccess file. As a result, you can significantly customize a WordPress website. 

Here are some common configurations that WordPress administrators frequently use to control website behavior and enhance security by editing the .htaccess file.

Redirections

Redirections help manage traffic flow on your website, ensuring that users are directed to the right pages and URLs. 

Common scenarios for redirection include:

  • 301 Redirect: When a website’s permalink changes, a 301 redirect should guide traffic to the new page. This ensures that users with bookmarks or links still reach the right destination. 

To set up a 301 redirect for any page, add the following directive to your .htaccess file.

Redirect 301 /[old_permalink].html [website_URL]/[current_permalink].html

  • 302 Redirect: To temporarily reroute traffic to another page, utilize a 302 redirection. This is ideal for temporary changes or testing purposes.

To implement a 302 redirect, add this directive to the file:

Redirect 302 /[old_permalink].html [website_URL]/[current_permalink].html

  • Subdirectory Redirect: To direct traffic from one subdirectory to another within your website, opt for subdirectory redirection. It’s handy when combining or restructuring the content of your website. 

To implement subdirectory redirection, add the following statement:

Redirect /[subdirectory] [website_URL]/[new_subdirectory]

  • Different Domain Redirect: In some scenarios, it may be necessary to redirect traffic to a different domain or an entirely different website. It is commonly used in affiliate marketing, handling domain name variations, rebranding, or during domain migration. 
  • The syntax for this redirection in your .htaccess file is as follows:

Redirect / [new_website_URL]

Force www or Non-www

Using the .htaccess file to either force or remove the www prefix from the WordPress website URLs is a common practice. This helps maintain SEO and branding consistency and prevents potential duplication issues arising from URL variations.

To force the www prefix on your website, add the following directives to your .htaccess file:

RewriteEngine On

RewriteCond %{HTTP_HOST} !^www\. [NC]

RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Here,

RewriteEngine On: Activates the rewrite engine.

RewriteCond: Defines a condition based on the incoming request.

RewriteRule: Defines a rule to rewrite the URL based on the specified condition.

[L,R=301]: Indicates that the rewrite rule should stop processing further rules. 

(L): Send a permanent redirect (301) to the rewritten URL.

Alternatively, use the following set of directives to force non-www for a website:

RewriteEngine On

RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]

RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301]

In both examples, the .htaccess configuration manages incoming requests to either include or exclude the www prefix.

Force HTTP or HTTPS

Using the .htaccess file to either force or remove the HTTP prefix from your WordPress website URLs is a common practice. 

The current rising cyber security issues call for websites to enable HTTPS for additional protection. This step also helps maintain SEO and branding consistency and prevents potential duplication issues arising from URL variations.

To force the HTTPS prefix on your website, add the following directives to your .htaccess file:

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Alternatively, to force HTTP on a WordPress website, execute:

RewriteEngine On

RewriteCond %{HTTPS} on

RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

In both cases, the rewrite condition checks whether HTTPS is on and rewrites the URL accordingly.

WordPress .htaccess Security Tips

The .htaccess file includes several directives that can enhance the security of your WordPress website. Implementing these directives helps bolster your site’s defenses and reduces the risk of potential attacks. 

Here are some crucial security tips and measures to consider specifically for the .htaccess file:

Tip #1: Restrict Access

WordPress has certain files that contain sensitive data and should not be accessible to all users. 

In particular, you should secure files like .htaccess, .htpasswd, and wp-config.php from unauthorized access. For this, add the following directives in your .htaccess file:

<FilesMatch "^.*(\.htaccess|\.htpasswd|wp-config\.php)$">

Order allow,deny

Deny from all

</FilesMatch>

These directives identify specific file names and block access for all users. To protect additional sensitive files, modify the regular expression in the code to include these files and restrict access.

Tip #2: Disable Directory Listing

It’s crucial to disable directory listings to block unauthorized users from accessing the contents and directories on your server. 

This can be accomplished by inserting the following directive into your .htaccess file, which will prevent directory listing access:

# Options -Indexes

The directive guarantees that directory contents remain hidden unless an index file, like index.php, is available.

Tip #3: Prevent Image Hotlinking

Preventing image hotlinking is crucial to protect your WordPress website’s bandwidth and resource usage. 

Implement the following set of rules in your .htaccess file to safeguard images hosted on your server:

RewriteEngine on

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC]

RewriteRule \.(gif|jpg|jpeg|png)$ - [NC,F,L]

The condition verifies if the request is for an image file and checks if it originates from the specified domain. If the request doesn’t match the domain, it blocks access and returns a 403 error, effectively preventing hotlinking.

Tip #4: Limit File Uploads

Restricting uploads of specific file types can help prevent users from uploading potentially harmful files and scripts to your WordPress site. To implement restrictions on file uploads, add the following set of directives to the file:

<FilesMatch "\.(exe|php|sh)$">

Order allow,deny

Deny from all

</FilesMatch>

The directive blocks uploading files that end in .exe, .php, or .sh, which are typical for script files.

Conclusion

Managing the .htaccess file can significantly impact the performance and security of your WordPress site. By following this step-by-step guide, you can effectively create and modify this file to suit your website’s needs.

FAQs

Q. What is the .htaccess file in WordPress?

The .htaccess file is a configuration file used on WordPress websites to control the server configuration and implement various settings such as 301 redirects, permalink structure, and security measures.

Q. How can I access the .htaccess file in WordPress?

The .htaccess file is typically located in your WordPress site’s root directory. You can access it using the File Manager in your web hosting control panel or via an FTP client like FileZilla.

Q. How do I create a new .htaccess file in WordPress?

To create a new .htaccess file for your WordPress site, manually create a text file and add the necessary directives or use a WordPress plugin .htaccess file editor.

Q. Can I edit the default WordPress .htaccess file?

While it’s generally recommended to avoid directly editing the default WordPress .htaccess file, you can change the File Manager Settings.

Q. How to edit the WordPress .htaccess file using cPanel?

You can edit the WordPress .htaccess file using cPanel by navigating to the File Manager, locating the file in the root directory, and using the built-in Code Editor or File Manager options.

Q. What precautions should I take when editing the .htaccess file in WordPress?

When making changes to the .htaccess file in WordPress, it’s important to back up the file, double-check the code snippets, and ensure that you have the necessary permissions.

Q. How to add a 301 redirect using the .htaccess file?

To add a 301 redirect in your .htaccess file: Redirect 301 /old-URL http://www.yourdomain.com/new-url. Replace /old-url with the path you’re redirecting from and http://www.yourdomain.com/new-url with the new destination URL. 

Save the changes to implement the redirect permanently.

Q. What is the role of a security plugin in protecting the .htaccess file?

A security plugin can help safeguard your .htaccess, by monitoring unauthorized changes and reinforcing overall site security. Some plugins may add default code to the .htaccess to enhance protection or manage access to core directories.

Q. How can I identify and fix syntax errors in the .htaccess file?

To find and correct syntax errors in your .htaccess file, use your preferred text editor to review the file structure and code. Look for common issues like missing punctuation or incorrect commands. In addition, check the server’s error logs to acquire insights into specific file errors.

Q. How do I use the File button to edit the .htaccess file in cPanel?

In cPanel, navigate to the current directory of your WordPress installation, usually the root or the wp-content folder. Click the File button to create a new .htaccess file or edit an existing one by selecting it and using the Edit option.

Q. Why is FTP access important for managing .htaccess?

FTP access allows you to manually upload, download, and edit core files of your WordPress site, such as the .htaccess. This is especially useful for fixing issues that might prevent WordPress from functioning correctly, such as redirect problems or URL structure adjustments.

Q. What should I consider when setting up page-level redirects in .htaccess?

When implementing page-level redirects, ensure the syntax is correct to avoid disrupting the site’s URL structure. Use redirects sparingly to prevent performance impacts and ensure they are necessary to enhance site navigation or SEO.

Q. How do I ensure I have a backup file of my .htaccess before editing?

Always create a backup file of your .htaccess before making any changes. You can do this by downloading a copy of the file via FTP or using the File Manager in your hosting control panel. This safeguard allows you to restore the original settings if an error occurs.

Q. How can dynamic IP addresses affect .htaccess configurations?

Dynamic IP addresses can complicate configurations in .htaccess by restricting or allowing access based on IP addresses. For environments with dynamic IPs, consider using broader access control methods or regularly updating the .htaccess as required.

Q. What should I do with unnecessary plugins affecting my .htaccess?

Unnecessary plugins that modify or add to the .htaccess file can introduce issues. It’s best to remove any unused or unnecessary plugins and review the .htaccess for any residual rules that might need cleaning up to maintain optimal performance and security.

Q. How do I manage .htaccess in WordPress default versions?

WordPress default versions typically include a basic .htaccess file suited for general use, including URL rewriting for pretty permalinks. If you upgrade or reinstall WordPress, ensure that your .htaccess file is updated or restored to include custom rules that might have been overwritten.

Try this guide with our instant dedicated server for as low as 40 Euros