Categories

Featured templates

12 most useful .htaccess tricks for WordPress

Carey Burns June 13, 2018
Rating: 5.0/5. From 3 votes.
Please wait...

Hello, our support team is ready to present you a new tutorial about 12 most useful .htaccess tricks for WordPress.

The .htaccess file is a server configuration file which allows you to define rules for your server to follow for your website.

WordPress usually uses .htaccess file to generate SEO friendly URLs. However, this file can be used for other various goals.

The .htaccess file is located in your WordPress site’s root folder. You will need to connect to your website using an FTP client to edit it.

  1. Protect Your WordPress Admin Area

    Simply copy and paste this code into your .htaccess file:

    AuthUserFile /dev/null
    AuthGroupFile /dev/null
    AuthName "WordPress Admin Access Control"
    AuthType Basic
    
    order deny,allow
    deny from all
    # whitelist Syed's IP address
    allow from xx.xx.xx.xxx
    # whitelist David's IP address
    allow from xx.xx.xx.xxx
    
    

    You need to replace xx values with your own IP address

  2. Password Protect WordPress Admin Folder

    You can use .htaccess file to add an additional password protection to your WordPress admin area.

    1. First, you need to generate a .htpasswds file. You can do it by using this online generator.

    2. Upload this .htpasswds file outside your publicly accessible web directory or /public_html/ folder. For example: /public_html/wp-admin/passwd/

    3. Create a .htaccess file and upload it in /wp-admin/ directory and then add the following codes in there:

      AuthName "Admins Only"
      AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd
      AuthGroupFile /dev/null
      AuthType basic
      require user putyourusernamehere
      
      Order allow,deny
      Allow from all
      Satisfy any 
      
      
    4. Replace AuthUserFile path with the file path of your .htpasswds file and add your own username

  3. Disable Directory Browsing

    To disable directory browsing on your website, you need to add the following line to your .htaccess file:

    Options -Indexes
    
  4. Disable PHP Execution in Some WordPress Directories

    You can increase WordPress security by disabling PHP execution for some WordPress directories. You will need to create an empty .htaccess file on your computer and then paste the following code inside it:

    
    deny from all
    
    
  5. Protect Your WordPress Configuration wp-config.php File

    To protect your wp-config.php file from unathorized access, just add the following code to your .htaccess file:

    
    order allow,deny
    deny from all
    
    
  6. Setting up 301 Redirects Through .htaccess File

    Using 301 redirects is the most SEO friendly way to tell your users that a content has moved to a new location. You can set up redirects by adding the following code to .htaccess file:

    Redirect 301 /oldurl/ http://www.example.com/newurl
    Redirect 301 /category/television/ 
    http://www.example.com/category/tv/
    
  7. Ban Suspicious IP Addresses

    Add the following code to your .htaccess file. Don’t forget to replace xx with the IP address you want to block.

    
    order allow,deny
    deny from xxx.xxx.xx.x
    allow from all
    
    
  8. Disable Image Hotlinking in WordPress Using .htaccess

    You can prevent image hotlinking by adding this code to your .htaccess file:

    #disable hotlinking of images with forbidden or custom image option
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?wpbeginner.com [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
    RewriteRule \.(jpg|jpeg|png|gif)$ – [NC,F,L] 
    
  9. Protect .htaccess From Unauthorized Access

    Due to the power and control it has on your web server, it is important to protect it from unauthorized access by hackers. Simply add following code to your .htaccess file:

    
    order allow,deny
    deny from all
    satisfy all
    
    
  10. Increase File Upload Size in WordPress

    You can do it by adding the following code to .htaccess file:

    php_value upload_max_filesize 64M
    php_value post_max_size 64M
    php_value max_execution_time 300
    php_value max_input_time 300
    
  11. Disable Access to XML-RPC File Using .htaccess

    There are multiple ways to do that, one of them is by adding the following code to your .htaccess file:

    # Block WordPress xmlrpc.php requests
    
    order deny,allow
    deny from all
    
    
  12. Blocking Author Scans in WordPress

    A common technique used in brute force attacks is to run author scans on a WordPress site and then attempt to crack passwords for those usernames. You can block such scans by adding the following code to your .htaccess file:

    # BEGIN block author scans
    RewriteEngine On
    RewriteBase /
    RewriteCond %{QUERY_STRING} (author=\d+) [NC]
    RewriteRule .* - [F]
    # END block author scans 
    

Browse the selection of WordPress Themes to view latest designs and learn more about WordPress features.

Cool Wordpress Themes
This entry was posted in Monstroid Tutorials, WordPress Tutorials and tagged .htaccess, files. Bookmark the permalink.

Submit a ticket

If you are still unable to find a sufficient tutorial regarding your issue please use the following link to submit a request to our technical support team. We'll provide you with our help and assistance within next 24 hours: Submit a ticket