12 most useful .htaccess tricks for WordPress

Hello, our support team is ready to present you a new tutorial about 12 most useful .htaccess tricks for WordPress.

The .htaccess file is a server configuration file which allows you to define rules for your server to follow for your website.

WordPress usually uses .htaccess file to generate SEO friendly URLs. However, this file can be used for other various goals.

The .htaccess file is located in your WordPress site’s root folder. You will need to connect to your website using an FTP client to edit it.

1. Protect Your WordPress Admin Area

   Simply copy and paste this code into your .htaccess file:

   AuthUserFile /dev/null
   AuthGroupFile /dev/null
   AuthName "WordPress Admin Access Control"
   AuthType Basic
   <LIMIT GET>
   order deny,allow
   deny from all
   # whitelist Syed's IP address
   allow from xx.xx.xx.xxx
   # whitelist David's IP address
   allow from xx.xx.xx.xxx
   </LIMIT>
   

   You need to replace xx values with your own IP address

2. Password Protect WordPress Admin Folder

   You can use .htaccess file to add an additional password protection to your WordPress admin area.

   1. First, you need to generate a .htpasswds file. You can do it by using this online generator.

   2. Upload this .htpasswds file outside your publicly accessible web directory or /public_html/ folder. For example: /public_html/wp-admin/passwd/

   3. Create a .htaccess file and upload it in /wp-admin/ directory and then add the following codes in there:

      AuthName "Admins Only"
      AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd
      AuthGroupFile /dev/null
      AuthType basic
      require user putyourusernamehere
      <Files admin-ajax.php>
      Order allow,deny
      Allow from all
      Satisfy any 
      </Files>
      

   4. Replace AuthUserFile path with the file path of your .htpasswds file and add your own username

3. Disable Directory Browsing

   To disable directory browsing on your website, you need to add the following line to your .htaccess file:

   Options -Indexes
   

4. Disable PHP Execution in Some WordPress Directories

   You can increase WordPress security by disabling PHP execution for some WordPress directories. You will need to create an empty .htaccess file on your computer and then paste the following code inside it:

   <Files *.php>
   deny from all
   </Files>
   

5. Protect Your WordPress Configuration wp-config.php File

   To protect your wp-config.php file from unathorized access, just add the following code to your .htaccess file:

   <files wp-config.php>
   order allow,deny
   deny from all
   </files>
   

6. Setting up 301 Redirects Through .htaccess File

   Using 301 redirects is the most SEO friendly way to tell your users that a content has moved to a new location. You can set up redirects by adding the following code to .htaccess file:

   Redirect 301 /oldurl/ http://www.example.com/newurl
   Redirect 301 /category/television/ 
   http://www.example.com/category/tv/
   

7. Ban Suspicious IP Addresses

   Add the following code to your .htaccess file. Don’t forget to replace xx with the IP address you want to block.

   <Limit GET POST>
   order allow,deny
   deny from xxx.xxx.xx.x
   allow from all
   </Limit>
   

8. Disable Image Hotlinking in WordPress Using .htaccess

   You can prevent image hotlinking by adding this code to your .htaccess file:

   #disable hotlinking of images with forbidden or custom image option
   RewriteEngine on
   RewriteCond %{HTTP_REFERER} !^$
   RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?wpbeginner.com [NC]
   RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
   RewriteRule \.(jpg|jpeg|png|gif)$ – [NC,F,L] 
   

9. Protect .htaccess From Unauthorized Access

   Due to the power and control it has on your web server, it is important to protect it from unauthorized access by hackers. Simply add following code to your .htaccess file:

   <files ~ "^.*\.([Hh][Tt][Aa])">
   order allow,deny
   deny from all
   satisfy all
   </files>
   

10. Increase File Upload Size in WordPress

    You can do it by adding the following code to .htaccess file:

    php_value upload_max_filesize 64M
    php_value post_max_size 64M
    php_value max_execution_time 300
    php_value max_input_time 300
    

11. Disable Access to XML-RPC File Using .htaccess

    There are multiple ways to do that, one of them is by adding the following code to your .htaccess file:

    # Block WordPress xmlrpc.php requests
    <Files xmlrpc.php>
    order deny,allow
    deny from all
    </Files>
    

12. Blocking Author Scans in WordPress

    A common technique used in brute force attacks is to run author scans on a WordPress site and then attempt to crack passwords for those usernames. You can block such scans by adding the following code to your .htaccess file:

    # BEGIN block author scans
    RewriteEngine On
    RewriteBase /
    RewriteCond %{QUERY_STRING} (author=\d+) [NC]
    RewriteRule .* - [F]
    # END block author scans 
    

Browse the selection of WordPress Themes to view latest designs and learn more about WordPress features.