Modifying the core functionality of your wordpress website, improving security, doing redirects, or any major configuration, there’s one common step: Locating, creating, and/or editing the .htaccess file.
Locate the .htaccess file of your wordpress site from your hosting control panel. Navigate to the root folder of the file manager, and you’ll see a file named “.htaccess”. Enable the “view hidden files” option if you don’t see it. Right click on the file to edit it with a text editor.
Since this single file dictates the functionality of your entire website, it’s easy to mess things up if something goes wrong. Let’s talk about the precautions to take and how you can locate and edit the .htaccess file with different methods.
What is the .htaccess file anyway?
The .htaccess file is a configuration file that can control a website’s behavior on a per-directory basis. This configuration file acts as the control room of your wordpress website. It gives you the ability to modify every functionality of your site.
With it, you can manage your site’s behavior, and security protocols, set up redirects, and optimize site performance without touching its core code.
Now, for a general website, you don’t really need a .htaccess file. However, when you’re talking about CMS and the dynamic functionality that WordPress comes with, you sure have it on your root folder. You just have to locate it to edit the functionality.
Precaution While Working With The Default WordPress .htaccess File
The .htaccess file isn’t a thing you should be playing with, since it determines how your website functions. So, before you bring changes or modify the file, here are a few precautionary steps to take:
Take a backup of the original file
Before you make any changes to the .htaccess file, make sure to create a backup copy of the original file. This will allow you to easily restore the original file if something goes wrong down the line.
Use the correct syntax while editing
The .htaccess file is very sensitive to syntax errors, so make sure that you use the correct syntax for any changes you make. Even a small typo can cause the file to become invalid, which can lead to errors on your website.
Don’t delete codes You Don’t Understand
The default WordPress .htaccess file contains important code necessary for your website to function properly. Don’t delete any of this code unless you’re sure that you know what you’re doing.
Always test your Changes
If you make changes to the .htaccess file, test your website thoroughly to make sure that everything is still working properly. Test all the different pages and functions of your site to ensure that nothing has been broken.
Keep security in mind
Remember, the .htaccess file can be used to enhance your website’s security, but it can also compromise it if done wrong. Make sure that you don’t accidentally open up security holes by making changes to the file.
Consult with an expert if you’re unsure
If you’re not sure how to make changes to the .htaccess file or if you’re concerned about the potential impact of your changes, it’s best to consult with an expert, such as a WordPress developer or your hosting provider’s support team.
Keep a Log of Changes to Your .htaccess File
This is a pro tip: keeping a log and having a backup will save your day in case anything goes wrong with your website. In case you need to revert an action, you can check back to the log. You can use a version control system like Git to make this easier.
How To Find/Locate The Default WordPress .htaccess File
So, now you know the security drill before getting your hands dirty. Let’s dive deep and see how you’re going to locate .htaccess, take a backup, and edit it if necessary:
How to locate Default WordPress .htaccess file with cPanel:
There are two methods of locating it. One is using a cPanel, and the other is with an FTP client software program. Here are both the ways below:
Step 1: Log in to your website’s dashboard
Log in to your cPanel account. You can usually access it by visiting your website URL followed by “/cpanel” or by accessing it through your hosting provider’s control panel. Ask them if you’re unsure about it.
Step 2: Navigate to the root folder
In the cPanel dashboard, scroll down to the “Files” section, and click on “File Manager”. The File Manager will open up. Click the “public_html” folder and select the root directory of your WordPress installation.
Step 3: Locate the .htaccess file (Show hidden files)
Look for the .htaccess file in the root directory. If you can’t find it, make sure that you have enabled the option to show hidden files and folders. In the top right corner of the File Manager, click on the “Settings” button and check the box next to “Show Hidden Files (dot files)”.
How to locate .htaccess file with FTP client
FTP clients are just software that helps transfer files between the local and remote server. You can use FTP software like FileZilla, Cyberduck, or WinSCP to locate the file. Here are the steps:
Step 1: First, download and install an FTP client software like FileZilla, Cyberduck, or any other you like.
Step 2: Configure your web server settings by entering the host, port, login type, username, and password. You’ll get these from your web server’s control panel.
Step 3: Open your FTP client and navigate to the root directory of your WordPress installation. This is usually the “public_html” folder or a folder with the name of your website.
Step 4: Look for the .htaccess file in the directory. If you can’t see it, make sure that you have enabled the option to show hidden files and folders in your FTP client.
Creating a Default WordPress .htaccess File: A Step-by-Step Guide
The .htaccess file may not always be present in your list, and you may need to create one. You can generate the default .htaccess file. Here are two ways to do it:
Method 1: Creating The .htaccess File
The best way to have your default .htaccess file is by creating it right within the root directory. Here are the steps to do it:
Step 1: Navigate to the root directory following the method described above.
Step 2: Click on the “+File” Button to add/create a new file within the root folder.
Step 3: Write .htaccess as the file name and press enter to see a text editing field.
Step 4: In the text field, copy and paste the code below, save the file, and you’ll have your default .htaccess file.
Here’s how the code will look like:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L
</IfModule>
# END WordPress
Method 2: Generating The .htaccess File
Step 1: Ask your hosting provider and get all the details about your domain and hosting.
Step 2: Use an online .htaccess generator tool like htaccessredirect or others.
Step 3: Input all your data and click generate. It will generate the .htaccess file for you.
Once you have the .htaccess file created, all you have to do is, upload it to your root directory.
How to Upload .htaccess file to the root directory
If you’ve gone with the generating method, you’ll have the .htaccess file in your local computer. You can use either an FTP client or your web host’s file manager (Like cPanel). Here’s how you’ll upload it to the root folder of your website:
Method 1: Upload Using FTP server
Step 1: If you’re using an FTP client, navigate to the root directory of your WordPress installation (usually the “public_html”).
Step 2: Drag the .htaccess file from your local computer and drop it to the root directory in your FTP client. Alternatively, you can right-click on the file and select “Upload” or “Copy to” to transfer the file to the server.
Method 2: Using Hosting File Manager
Step 1: Log in to your cPanel of your wordpress website and access the root folder. You should find it in the “public_html” directory.
Step 2: Hit the “Upload” button in the top menu bar and select the .htaccess file from your local computer.
After the upload is complete using either methods, you should see it in the directory you selected.
How To Edit The Default WordPress .Htaccess File
Editing the default WordPress .Htaccess file becomes necessary in some cases like altering functionality or doing redirects. Here’s how you do it:
Editing the .htaccess file on WordPress
If you want to just reset the .htaccess file, log in to your WordPress dashboard and navigate to Settings > Permalinks.
Scroll down to the “Permalink Settings” section and click on the “Save Changes” button. This will regenerate the .htaccess file with the default WordPress rewrite rules.
Editing the .htaccess File For Customizations
If you need to make custom changes to the .htaccess file, you have 3 options:
Using an FTP client
Using the built-in file editor in your hosting control panel
Using a plugin such as “WP File Manager”.
Whichever you’re using, open the .htaccess file in a plain text editor, such as Notepad. Make the necessary changes to the file, being careful not to modify any necessary existing rules.
For example, you may need to add custom rewrite rules to redirect certain URLs or block access to specific files or directories.
Once you have made your changes, save the file or upload it back to your server if you’re using an FTP client or the file manager provided by your web host.
Verify that your website is functioning properly and that your changes have been implemented correctly.
How To Take Backup Of .htaccess File?
You must take a backup of your main .htaccess file before you modify or edit it. Here’s how you do it:
Step 1: Once you’ve located the .htaccess file, right-click on it and select “Copy” from the context menu.
Step 2: Select a destination folder where you want to save the backup file. Click on the “Copy File(s)” button to create a copy of the .htaccess file.
Step 3: You can rename the backup file to something like “htaccess_backup_date” to make it easy to identify and keep track of.
Step 4: Once the backup file has been created, you can download it to your local computer or leave it in the directory for safekeeping.
Common .htaccess Code Snippets
People edit the .htaccess file for various reasons, each having different code snippets. Here are 10 common code snippets you can use today:
1. Redirect all traffic to HTTPS:
| RewriteEngine on RewriteCond %{HTTPS} !on RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} # Note: It’s also recommended to enable HTTP Strict Transport Security (HSTS) # on your HTTPS website to help prevent man-in-the-middle attacks. # See https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security <IfModule mod_headers.c> # Remove “includeSubDomains” if you don’t want to enforce HSTS on all subdomains Header always set Strict-Transport-Security “max-age=31536000;includeSubDomains” </IfModule> |
2. Redirect a Single Page:
| Redirect 301 /oldpage.html http://www.example.com/newpage.html Redirect 301 /oldpage2.html http://www.example.com/folder/ |
3. Redirect an Entire Site
| Redirect 301 / http://newsite.com/ |
4. Exclude URL from Redirection
| RewriteEngine On RewriteRule ^robots.txt – [L] |
5. Block access to the wp-config.php file:
| <Files wp-config.php> Order allow,deny Deny from all </Files> |
6. Protecting Your Site From Hotlinking
| RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC] RewriteRule \.(jpg|jpeg|png|gif)$ – [NC,F,L] |
7. Custom Error Pages
| ErrorDocument 500 “Houston, we have a problem.” ErrorDocument 401 http://error.example.com/mordor.html ErrorDocument 404 /errors/halflife3.html |
8. Auto UTF-8 Encode
| # Use UTF-8 encoding for anything served text/plain or text/html AddDefaultCharset utf-8 # Force UTF-8 for a number of file formats AddCharset utf-8 .atom .css .js .json .rss .vtt .xml |
9. Block spammers and bots
| # Blocks spammers and bots <Limit GET POST> Order Allow,Deny Deny from xx.xx.xx.xxx Deny from yy.yy.yy.yyy </Limit> Allow from all |
10. Send visitors to a maintenance page
| # Redirects to maintenance page <IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{REMOTE_ADDR} !^123\.456\.789\.000 RewriteCond %{REQUEST_URI} !/maintenance.html$ [NC] RewriteCond %{REQUEST_URI} !\.(jpe?g?|png|gif) [NC] RewriteRule .* /maintenance.html [R=503,L] </IfModule> |
Best Practices for Editing the Default WordPress .htaccess File
Follow these best editing practices of editing the .htaccess file if you want to stay safe with your site:
Understand The Impact of Incorrect .htaccess Codes
Incorrect .htaccess codes can break your website, make it inaccessible, or negatively impact your website’s search engine ranking. So, whatever you do, don’t edit the .htaccess code, if you don’t know what you are dealing with.
Know The .htaccess File Structure
You need to familiarize yourself with the .htaccess file structure. The structure includes header comments, code blocks targeting specific aspects like redirects. Make changes accordingly.
Testing The .htaccess File After Changes
Test your modified .htaccess file to ensure it works as intended. Check website functionality, accessibility, and load times. For the best testing, you can use Google Search Console, SEMrush, Serpstat, etc., in terms of SEO.
Removing Unnecessary Codes
The code snippets you’re using in your .htaccess file puts weight and impacts the functionality of your site. So, have just as few codes as possible in the file and have only the necessary ones.
Take Backup
Always back up the original file before making any changes. This will allow you to revert to the original file in case something goes wrong.
Use a Good Text Editor
Use a text editor that is suitable for editing .htaccess files, such as Notepad++ or Sublime Text. Avoid using word processors like Microsoft Word or Google Docs, as they may add formatting or hidden characters that can cause issues.
Keep Codes Clean
Keep the .htaccess file clean and organized by removing any unused rules. This will improve your site’s performance and reduce the risk of errors.
Use Proper Syntaxes
Use proper syntax and formatting when adding new code. Incorrect syntax can cause errors or prevent the file from functioning properly.
Document Your Changes
Use comments to document any changes you make to the .htaccess file. This will make it easier for you and other developers to understand the purpose of each rule or configuration.
Conclusion
Working with your .htaccess file can be a fun job if you know what you’re doing. It helps you go the extra mile to ensure your site is highly functional and secure.
Keep in mind that you should not make changes unless you’re 100% sure of it.
Make sure to include any necessary security configurations, such as preventing hotlinking or blocking malicious requests, to help protect your site from attacks.
