- Web templates
- E-commerce Templates
- CMS & Blog Templates
- Facebook Templates
- Website Builders
12 most useful .htaccess tricks for WordPress
June 13, 2018
Hello, our support team is ready to present you a new tutorial about 12 most useful .htaccess tricks for WordPress.
The .htaccess file is a server configuration file which allows you to define rules for your server to follow for your website.
WordPress usually uses .htaccess file to generate SEO friendly URLs. However, this file can be used for other various goals.
The .htaccess file is located in your WordPress site’s root folder. You will need to connect to your website using an FTP client to edit it.
Protect Your WordPress Admin Area
Simply copy and paste this code into your .htaccess file:
AuthUserFile /dev/null AuthGroupFile /dev/null AuthName "WordPress Admin Access Control" AuthType Basic
order deny,allow deny from all # whitelist Syed's IP address allow from xx.xx.xx.xxx # whitelist David's IP address allow from xx.xx.xx.xxx You need to replace xx values with your own IP address
Password Protect WordPress Admin Folder
You can use .htaccess file to add an additional password protection to your WordPress admin area.
First, you need to generate a .htpasswds file. You can do it by using this online generator.
Upload this .htpasswds file outside your publicly accessible web directory or /public_html/ folder. For example: /public_html/wp-admin/passwd/
Create a .htaccess file and upload it in /wp-admin/ directory and then add the following codes in there:
AuthName "Admins Only" AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd AuthGroupFile /dev/null AuthType basic require user putyourusernamehere
Order allow,deny Allow from all Satisfy any Replace AuthUserFile path with the file path of your .htpasswds file and add your own username
Disable Directory Browsing
To disable directory browsing on your website, you need to add the following line to your .htaccess file:
Options -Indexes
Disable PHP Execution in Some WordPress Directories
You can increase WordPress security by disabling PHP execution for some WordPress directories. You will need to create an empty .htaccess file on your computer and then paste the following code inside it:
deny from all Protect Your WordPress Configuration wp-config.php File
To protect your wp-config.php file from unathorized access, just add the following code to your .htaccess file:
order allow,deny deny from all Setting up 301 Redirects Through .htaccess File
Using 301 redirects is the most SEO friendly way to tell your users that a content has moved to a new location. You can set up redirects by adding the following code to .htaccess file:
Redirect 301 /oldurl/ http://www.example.com/newurl Redirect 301 /category/television/ http://www.example.com/category/tv/
Ban Suspicious IP Addresses
Add the following code to your .htaccess file. Don’t forget to replace xx with the IP address you want to block.
order allow,deny deny from xxx.xxx.xx.x allow from all Disable Image Hotlinking in WordPress Using .htaccess
You can prevent image hotlinking by adding this code to your .htaccess file:
#disable hotlinking of images with forbidden or custom image option RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?wpbeginner.com [NC] RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC] RewriteRule \.(jpg|jpeg|png|gif)$ – [NC,F,L]
Protect .htaccess From Unauthorized Access
Due to the power and control it has on your web server, it is important to protect it from unauthorized access by hackers. Simply add following code to your .htaccess file:
order allow,deny deny from all satisfy all Increase File Upload Size in WordPress
You can do it by adding the following code to .htaccess file:
php_value upload_max_filesize 64M php_value post_max_size 64M php_value max_execution_time 300 php_value max_input_time 300
Disable Access to XML-RPC File Using .htaccess
There are multiple ways to do that, one of them is by adding the following code to your .htaccess file:
# Block WordPress xmlrpc.php requests
order deny,allow deny from all Blocking Author Scans in WordPress
A common technique used in brute force attacks is to run author scans on a WordPress site and then attempt to crack passwords for those usernames. You can block such scans by adding the following code to your .htaccess file:
# BEGIN block author scans RewriteEngine On RewriteBase / RewriteCond %{QUERY_STRING} (author=\d+) [NC] RewriteRule .* - [F] # END block author scans
Browse the selection of WordPress Themes to view latest designs and learn more about WordPress features.