Htaccess is a hidden configuration file for the Apache web server. WordPress uses the .htaccess file to store configuration information and handle server requests.

For example, .htaccess can enable or disable many server features, including redirection of URL’s, server signature, caching of files, password protection, and customized error pages.

Our tutorial will show you how to find, edit, and create a default .htaccess file in WordPress.


What is the .htaccess File?

.htaccess is a standard configuration file used in web servers. If you’re familiar with Apache, you may have experience editing .htaccess to grant or revoke access to website resources.

WordPress is a bit different. In WordPress, the default .htaccess file is mainly used to handle permalinks to pages on your WordPress website. However, as a configuration file, you can also add additional configuration options to adjust the behavior of your website such as:

  • URL redirects and rewriting
  • Block hotlinking of images
  • Handling server errors
  • Password protection
  • Blacklisting and whitelisting of IP’s
  • Block users by referring URL

Where is the .htaccess file located in WordPress?

The .htaccess file is stored in the root directory of the WordPress installation. The period (dot) at the beginning of the filename indicates the file is hidden.

If you’re using a cPanel file manager, click the Settings button in the upper-right corner, then select Show hidden files, then click Save. You should be able to open the public_html folder for your WordPress installation and find .htaccess listed just after the folders.


How to create a Default WordPress .htaccess file

In some instances, WordPress may not create the default .htaccess file, or it may accidentally be deleted. Navigate to the public_html folder to view the list of files. Make sure you’ve configured your system to show hidden files, as above.

1. Create a new file using the + File button in the upper-left corner. Name the file .htaccess.

2. Open the file for editing by selecting Edit.


3. Enter the following text:

# BEGIN WordPress

RewriteEngine On

RewriteBase /

RewriteRule ^index\.php$ - [L]

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule . /index.php [L]

# END WordPress

4. Save the file and exit.

How to edit the WordPress .htaccess file

Editing .htaccess in Cpanel

1. To make a copy of the file in cPanel file manager, click .htaccess to highlight it. Then use the Download button on the top menu to save a copy to your local machine.

2. Once you’ve made a copy, you can edit .htaccess. In cPanel File Manager, right-click the file, then click Edit. You may now make adjustments to the file.

Editing .htaccess file with FTP client

You may also use an FTP client to log in and download a copy of .htaccess directly.

Numerous free FTP clients are available, such as FileZilla. In the example below, we are using FileZilla:

  1. Log into your servers FTP hosting account
  2. Navigate to the root of your WordPress installation to show hidden files:  Menu > Options > Select Server > Force showing hidden filesforce-hidden-file-filezilla-htaccess-wordpress
  3. Locate the root folder of your domain then download the .htaccess file.
  4. Now, you are ready to edit the .htaccess file.

Note: If you’re working from a Linux command prompt, you can edit the file by entering sudo nano WordPress_root/.htaccess. Replace WordPress_root with the actual directory of your WordPress files.

WordPress .htaccess Configuration Options

Redirect Web Traffic

If you’ve changed a permalink on your website, you can use a 301 redirect to forward to the new page. This allows users with bookmarks or hyperlinks to be routed to the correct new page.

Edit your .htaccess file and add the following line:

Redirect 301 /old_permalink.html

This can be done for each page you need to redirect.

Protect Sensitive WordPress Files

To prevent web access to the wp-config, error_logs, php.ini, and htaccess/htpasswds files, add the following:

<FilesMatch "^.*(error_log|wp-config\.php|php.ini|\.[hH][tT][aApP].*)$">

Order deny,allow

Deny from all

Force an SSL Connection

To force an encrypted SSL connection. Enter the following:

SSLOptions +StrictRequire


SSLRequire %{HTTP_HOST} eq ""

ErrorDocument 403


WordPress is a powerful CMS with many advanced options. Now you know how to find, edit, and create a default WordPress file. Make sure you always backup before editing the .htaccess file.