Introduction

WordPress uses the default .htaccess file to store configuration information and handle server requests.

For example, .htaccess can enable or disable many server features, including redirection of URLs, server signature, caching of files, password protection, and customized error pages.

This tutorial will show you how to find, edit, and create the default .htaccess file in WordPress.

how-to-create-edit-htaccess-wordpress

What Is the .htaccess File

.htaccess is a standard configuration file used in web servers. If you are familiar with Apache, you may have experience in editing .htaccess to grant or revoke access to website resources.

WordPress is a bit different. In WordPress, the default .htaccess file is mainly used to handle permalinks to pages on your WordPress website. However, as a configuration file, you can also add additional configuration options to adjust the behavior of your website, such as:

  • URL redirects and rewriting
  • Block hotlinking of images
  • Handling server errors
  • Password protection
  • Blacklisting and whitelisting of IPs
  • Block users by referring URL

Where Is the .htaccess File Located in WordPress

The .htaccess file is stored in the root directory of a WordPress installation. The period (dot) at the beginning of the filename indicates the file is hidden.

If you are using cPanel, click the Settings button in the upper-right corner, then select Show hidden files, then click Save. You should be able to open the public_html folder of your WordPress installation and find .htaccess listed.

htaccess-wordpress-how-to-find-hidden-files

How to Create a Default WordPress .htaccess File

In some instances, WordPress may not create the default .htaccess file, or it may accidentally be deleted. Navigate to the public_html folder to view the list of files. Make sure you have configured your system to show hidden files, as noted above.

1. Create a new file using the + File button in the upper-left corner. Name the file “.htaccess.”

2. Open the file for editing by selecting Edit.

htaccess-edit-wordpress

3. Enter the following text:

# BEGIN WordPress

RewriteEngine On

RewriteBase /

RewriteRule ^index\.php$ - [L]

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule . /index.php [L]

# END WordPress

4. Save the file and exit.

How to Edit the WordPress .htaccess File

Editing .htaccess in cPanel

  1. To make a copy of the file in the cPanel file manager, click .htaccess to highlight it. Then use the Download button in the top menu to save a copy to your local machine.
  2. Once you’ve made a copy, you can edit .htaccess. In cPanel, right-click the file, then click Edit. You may now make adjustments to the file.

Editing .htaccess File with FTP Client

You may also use an FTP client to log in and download a copy of .htaccess directly to your local machine.

Numerous free FTP clients are available, such as FileZilla. In the example below, we are using FileZilla:

  1. Log in to your server’s FTP hosting account.
  2. Navigate to the root of your WordPress installation to show hidden files:  Menu > Options > Select Server > Force showing hidden filesforce-hidden-file-filezilla-htaccess-wordpress
  3. Locate the root folder of your domain then download the .htaccess file.
  4. Now, you are ready to edit the .htaccess file.

Note: If you are working from a Linux command prompt, you can edit the file by entering sudo nano WordPress_root/.htaccess. Replace WordPress_root with the actual directory of your WordPress files.


WordPress .htaccess Configuration Options

Redirect Web Traffic

If you have changed a permalink on your website, you can use a 301 redirect to forward traffic to the new page. This allows users with bookmarks or hyperlinks to be routed to the live page.

Edit your .htaccess file and add the following line:

Redirect 301 /old_permalink.html http://www.website.com/current_permalink.html

This can be done for each page you need to redirect.

Protect Sensitive WordPress Files

To prevent web access to the wp-config, error_logs, php.ini, and htaccess/htpasswds files, add the following:

<FilesMatch "^.*(error_log|wp-config\.php|php.ini|\.[hH][tT][aApP].*)$">

Order deny,allow

Deny from all

Force an SSL Connection

Enter the following to force an encrypted SSL connection:

SSLOptions +StrictRequire

SSLRequireSSL

SSLRequire %{HTTP_HOST} eq "www.WordPress.com"

ErrorDocument 403 https://www.WordPress.com

Conclusion

WordPress is a powerful CMS with many advanced options. Now you know how to find, edit, and create the default WordPress .htaccess file. Make sure you always create a backup before editing it.