Are you looking for some useful .htaccess tips for your WordPress site? The .htaccess file is a powerful configuration file that allows you to do a lot of neat things on your website. In this article, we will show you some of the most useful .htaccess tips for WordPress that you can try right away.


What is a .htaccess file and how to edit it?

The .htaccess file is a server configuration file. It allows you to define the rules that your server follows for your site.

WordPress uses the .htaccess file to create an SEO-friendly URL structure. However, this file can do much more.

The .htaccess file is located in the root directory of your WordPress site. You will need to connect to your website using an FTP client to edit it. Alternatively, you can edit it through your hosting account's management panel.


Before editing your .htaccess file, it is important to download a copy of it to your computer for backup. You can use that file in case anything goes wrong.

Let's take a look at some useful .htaccess tips for WordPress that you can try.

1. Protect your WordPress admin area

You can use .htaccess to protect your WordPress admin area by limiting access to only selected IP addresses. Just copy and paste this code into your .htaccess file:

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "WordPress Admin Access Control"
AuthType Basic
# refuse everyone, then let the listed addresses back in
order deny,allow
deny from all
# whitelist IP address 1
allow from xx.xx.xx.xxx
# whitelist IP address 2
allow from xx.xx.xx.xxx

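Don't forget to replace the xx values with your own IP address. If you use more than one IP address to access the internet, make sure you add them too. Note that order, deny and allow are Apache 2.2 directives; Apache 2.4 accepts them only while mod_access_compat is loaded.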


For detailed instructions, see our guide on how to protect the wp-admin directory using .htaccess.

2. Password protect WordPress admin directory


If you access your WordPress site from multiple locations, including public internet spots, then restricting access to specific IP addresses may not be right for you.

You can use the .htaccess file to add additional password protection to your WordPress admin area.

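First, you need to create a .htpasswds file. You can easily create one using an online generator. Apache's own htpasswd command-line utility produces the same file locally, without sending the password to a third-party site.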

Upload this .htpasswds file outside your publicly accessible web directory or /public_html/ directory. The path will be:


Next, create a .htaccess file, upload it to the /wp-admin/ directory, and then add the following code to it:

AuthName "Admins Only"
AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd
AuthGroupFile /dev/null
AuthType basic
require user putyourusernamehere
# admin-ajax.php is called from the front end, so leave it reachable without a password
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>

Important: Don't forget to replace the AuthUserFile path with the file path of your .htpasswds file and add your own username.

3. Disable directory browsing

Many WordPress security experts recommend that you disable directory browsing. When directory browsing is enabled, hackers can look into your site's file and directory structure to find vulnerable files.

To disable directory browsing on your site, you need to add the following line to your .htaccess file.

4. Disable PHP execution in some WordPress directories

Sometimes hackers break into a WordPress site and install a backdoor. These backdoor files are often disguised as core WordPress files and are located in /wp-includes/ or /wp-content/uploads/.

An easy way to improve your WordPress security is to disable PHP execution for some WordPress directories.

You will need to create a blank .htaccess file on your computer and then paste the following code inside it.

# refuse direct requests for any PHP file in this directory
<Files *.php>
deny from all
</Files>

Save the file and then upload it to your /wp-content/uploads/ and /wp-includes/ folders.

5. Protect your WordPress configuration wp-config.php file

Probably the most important file in the root directory of your WordPress site is the wp-config.php file. It contains information about your WordPress database and how to connect to it.


To protect your wp-config.php file from unauthorized access, simply add this code to your .htaccess file:

<files wp-config.php>
order allow,deny
deny from all
</files>

6. Set up 301 redirects via .htaccess file

Using 301 redirects is the most SEO friendly way to tell your users that content has been moved to a new location.

If you want to quickly set up redirects, all you need to do is paste this code into your .htaccess file.

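# example.com and the target paths are placeholders; use your own URLs
Redirect 301 /oldurl/ https://example.com/newurl/
Redirect 301 /category/television/ https://example.com/category/tv/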

7. Block suspicious IP addresses

Do you see unusually high requests coming to your site from a specific IP address? You can easily block such requests by blocking the IP address in your .htaccess file.

Add the following code to your .htaccess file:

order allow,deny
deny from xxx.xxx.xx.x
allow from all

Don't forget to replace xx with the IP address you want to block.

8. Disable image Hotlinking in WordPress using .htaccess

Other websites that use images directly from your site can make your WordPress site slow and exceed your bandwidth limit. This is not a big deal for most smaller websites. However, if you run a popular website or a website with lots of photos, then this can become a serious concern.

You can prevent image hotlinking by adding this code to your .htaccess file:

# disable hotlinking of images with forbidden or custom image option
# example.com and example.org are placeholders; list your own domains
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?example\.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?example\.org [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]

This code only allows images to be displayed if the request originated from a domain named in the RewriteCond lines. Don't forget to use your own domain name there.

9. Protect .htaccess from unauthorized access

As you have seen, a lot of things can be done using the .htaccess file. Because of the power and control it has over your web server, it is important to protect it from unauthorized access by hackers. Just add the following code to your .htaccess file:

<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>

10. Increase file upload size in WordPress

There are different ways to increase file upload size limits in WordPress. However, for users on shared hosting, some of these methods do not work.


One of the methods that has worked for many users is by adding the following code to their .htaccess file:

php_value upload_max_filesize 64M
php_value post_max_size 64M
php_value max_execution_time 300
php_value max_input_time 300

This code simply tells your web server to use these values to increase file upload size as well as maximum execution time in WordPress.

11. Disable access to XML-RPC file using .htaccess

Each WordPress installation comes with a file named xmlrpc.php. This file allows third-party applications to connect to your WordPress site. Most WordPress security experts recommend that if you do not use any third party applications, then you should turn this feature off.

There are many ways to do that, one of which is by adding the following code to your .htaccess file:

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

For more information, see our guide on disabling XML-RPC in WordPress.

12. Block author scanning in WordPress

A common technique used in brute force attacks is to run an author scan on a WordPress site and then attempt to crack passwords for those usernames.

You can block such scans by adding the following code to your .htaccess file:

# BEGIN block author scans
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} (author=\d+) [NC]
RewriteRule .* - [F]
# END block author scans
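
Tips 7, 11 and 12 all assume you can tell which addresses are probing the site. The script below is an added example, not code from the original article: it tallies author-scan and xmlrpc.php requests per client from access-log lines. The log lines, the min_hits threshold and the function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Leading fields shared by Apache's common and combined log formats.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Same expression as the tip 12 RewriteCond, applied to the query string.
AUTHOR_SCAN = re.compile(r"author=\d+", re.I | re.A)

def classify(target):
    """Label a request that the tip 11 or tip 12 rules are meant to refuse."""
    parts = urlsplit(target)
    if AUTHOR_SCAN.search(parts.query):
        return "author_scan"
    if parts.path.endswith("/xmlrpc.php"):
        return "xmlrpc"
    return None

def summarize(lines, min_hits=3):
    """Return (ip, total_requests, hits_by_label, already_403) per noisy client."""
    totals, blocked = Counter(), Counter()
    hits = defaultdict(Counter)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line
        ip = m["ip"]
        totals[ip] += 1
        label = classify(m["target"])
        if label:
            hits[ip][label] += 1
            blocked[ip] += int(m["status"] == "403")
    report = [(ip, totals[ip], dict(h), blocked[ip])
              for ip, h in hits.items() if sum(h.values()) >= min_hits]
    return sorted(report, key=lambda row: -sum(row[2].values()))

# Constructed sample lines; the addresses are from the documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0',
    '203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /?author=2 HTTP/1.1" 301 0',
    '203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "GET /?author=3 HTTP/1.1" 403 199',
    '203.0.113.7 - - [10/Mar/2024:10:00:04 +0000] "POST /xmlrpc.php HTTP/1.1" 200 420',
    '198.51.100.20 - - [10/Mar/2024:10:01:00 +0000] "GET /author/jane/ HTTP/1.1" 200 5120',
    '192.0.2.44 - - [10/Mar/2024:10:02:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 420',
]

if __name__ == "__main__":
    for ip, total, by_label, refused in summarize(SAMPLE_LOG):
        print(f"{ip}: {total} requests, {by_label}, {refused} already refused")
```

Addresses it reports are candidates for the deny rule in tip 7. Check them against your known integrations before blocking, since legitimate clients also call xmlrpc.php.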

We hope this article helped you learn the most useful .htaccess tips for WordPress.
