Back to blog

Usually, WordPress users open the .htaccess file when they need to fix their permalinks. However, it is an important configuration file and opens up much wider possibilities. The .htaccess file allows you to improve the performance and security of your website.

some-.htaccess-tricks-for-wordpress

This article will tell you about some useful .htaccess tricks for WordPress that you can try on your website.

How to Start

Firstly, make a backup of your existing .htaccess file, before making any changes. Using an FTP client, connect to your website and download the .htaccess file to your hard drive. You can upload the backup file, if something will go wrong. If you can’t find the .htaccess file, go to your FTP client` settings and configure it to show hidden files. Create a .htaccess file, if you do not have one in the root folder of your website. To do so, just create a blank text file and then save it as .htaccess. Ensure that you named the file .htaccess, but not htaccess. Finally, upload the new file to the root folder of your website.

How to Secure Your WordPress Admin Area

The .htaccess file can be used to protect your WordPress admin area. It can limit the access to selected IP addresses. Just include the following code into the .htaccess file:

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName “WordPress Admin Access Control”
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
# whitelist Name IP address
allow from xx.xx.xx.xxx
# whitelist Name IP address
allow from xx.xx.xx.xxx
# whitelist Name IP address
allow from xx.xx.xx.xxx
# whitelist Name IP address
allow from xx.xx.xx.xxx
# whitelist Work IP address
allow from xx.xx.xx.xxx
</LIMIT>

Place your own IP addresses instead of xx.xx.xx.xxx. Make sure you add all IP addresses, if you use more than one IP address to access the Web.

How to Protect Your WordPress Admin Folder with Password
password-protect-admin

Authentication Form

Firstly, using this online generator, create a .htpasswds file and upload it outside /public_html/ folder or your publicly accessible web directory.

For example:

home/user/.htpasswds/public_html/wp-admin/passwd/

Then, create a new .htaccess file and add the following code:

AuthName “Admins Only”
AuthUserFile
/home/mydirectory/.htpasswds/public_html/wp-admin/passwd
AuthGroupFile /dev/null
AuthType basic
require user your.username
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>

Pay attention: Make sure you’ve replaced AuthUserFile path with your .htpasswds file` path and typed your own username.

This .htaccess file should be uploaded to your wp-admin folder.

Now only you or the users you allow will be able to access your WordPress admin folder, since it is protected by password.

How to Disable Directory Browsing

With directory browsing enabled, hackers can easily find a vulnerable file having an access to your file structure and website’s directory. Thus, many WordPress users suggest to disable directory browsing.

directory-browsing

Directory Browsing

Add this line in your .htaccess file to disable directory browsing in WordPress:

Options -Indexes

How to Disable PHP Execution in Some WordPress Directories

Many WordPress websites have backdoor files. They are often placed in /wp-content/uploads/ or /wp-includes/ folders and disguised as core WordPress files. So disabling PHP execution for some WordPress directories is the the easiest way to improve your security in WordPress.

Paste the following code into a blank newly created .htaccess file:

<Files *.php>
deny from all
</Files>

Then upload this file to your /wp-includes/ and /wp-content/uploads/ directories.

How to Protect Your WordPress Configuration

The wp-config.php file is probably the most important file in the root directory of your WordPress website. It includes your WordPress database information as well as the information on how to connect to it. Just add this code to your .htaccess file to protect your wp-config.php file from unauthorized access:

<files wp-config.php>
order allow,deny
deny from all
</files>

How to Set Up 301 Redirects Through .htaccess File

If you need to inform your visitors that a content was moved to a new location, it is suggested to use 301 redirects, since it is the most SEO friendly way. In addition, it is better to check out how to do 301 redirects in WordPress with Quick Page/Post Redirect, if you want to manage your 301 Redirects properly on posts per post basis.

However, if all you need is to redirect users from one URL to another, just insert the following code into your .htaccess file

Redirect 301 /oldurl/ http://www.example.com/newurl
Redirect 301 /category/television/
http://www.example.com/category/tv/

How to Block Suspicious IP Addresses

Want to block an IP address from accessing your site, since there are unusual requests from it? Just paste this code to your .htaccess file:

<Limit GET POST>
order allow,deny
deny from xxx.xxx.xx.x
allow from all
</Limit>

Place the IP address that you want to block instead of xxx .

How to Disable Image Hotlinking Using .htaccess

By hotlinking images from your website, other people steal your bandwidth and slow down your website. Traditionally, most users does not concern about it. But hotlinking can become a serious issue if you have a large website with lots of photos and images. By adding the following code in your .htaccess file you will prevent image hotlinking:

#disable hotlinking of images with forbidden or custom image option
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yoursite [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?feeds2.feedburner.com/yoursite [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ – [NC,F,L]

Just replace yoursite with your own domain name.

How to Protect .htaccess From Unauthorized Access

As you have noticed, .htaccess is a very important file, since there are so many things that can be done with the help of it. So it is necessary to protect it from unauthorized access by adding the following code to your .htaccess file:

<files ~ “^.*\.([Hh][Tt][Aa])”>
order allow,deny
deny from all
satisfy all
</files>

We hope that this article was useful for you to discover some of the most important .htaccess tricks for WordPress.



Popular Posts

Like This Article? Subscribe to Our Monthly Newsletter!

Comments are closed.