Most Useful  .htaccess Tricks for WordPress

Most Useful .htaccess Tricks for WordPress

So many WordPress users come across .htaccess file when fixing their permalinks. However, you can do so much more than just fixing permalink. The .htaccess file is a powerful configuration file that gives you access to improve your wp site’s security and performance. In this post, we’ll show you 9 most useful .htaccess tricks for WordPress that you can try on your wp site right away.

Getting Started

Before you can make any changes to your site, you need to backup your existing .htaccess file should in case something goes wrong. Connect to your website using an FTP client or CPANEL and kindly download the .htaccess file to your computer. If something goes wrong, then you can upload the backup file you download in the first place

If you cannot see the .htaccess file, then make sure your FTP client is configured to show hidden files or use CPANEL straight away. If you do not have a .htaccess file in your website’s root folder, then you need to create one. Simply create a blank text file and save it as .htaccess. Make sure that the file name is .htaccess and not htaccess. Lastly, you need to upload the file to your website’s root folder.

  1. Protect Your WordPress Admin Area

You can use .htaccess to protect your WP admin area by limiting the access to some selected IP addresses only. Simply copy and paste this code into your .htaccess file:

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "WordPress Admin Access Control"
AuthType Basic
order deny,allow
deny from all
# whitelist compHerd's IP address
allow from
# whitelist David's IP address
allow from
# whitelist Muhammad's IP address
allow from
# whitelist Work IP address
allow from

Replace with your own IP addresses. If you use more than one IP address to access the internet, then make sure you add them as well so you won’t lock yourself out of your wp site

  1. Password Protect WordPress Admin Folder

Firstly, you’ll need to create a .htpasswds file. You can just easily create one by using this online generator. Upload this .htpasswds file outside your publicly accessible web directory or /public_html/ folder. A good path should be:

Also Read  How to Completely Remove Name/Email From Comment Form


Now you should create a new .htaccess file and add this code:

AuthName "Admins Only"
AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd
AuthGroupFile /dev/null
AuthType basic
require user putyourusernamehere
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any 

Important: Don’t forget to replace the AuthUserFile path with the file path of your .htpasswds file and add your own username. Upload this .htaccess file to your wp-admin folder. That’s all, your WordPress admin folder is now password protected and only you or the users you allow will be able to access it.

  1. Disable Directory Browsing in WordPress

Many WordPress security experts recommend disabling directory browsing. With directory browsing enabled, hackers can look into your site’s directory and file structure to look for and find a vulnerable file.

To disable directory browsing in WordPress all you need to do is add this single line in your .htaccess file:

Options -Indexes 
  1. Disable PHP Execution in Some WordPress Directories

Sometimes hacked WordPress sites usually have backdoor files. These backdoor files are often disguised as core WordPress files and are placed in /wp-includes/ or /wp-content/uploads/ folders. An easier way to improve your WordPress security is by disabling PHP execution for some WordPress directories.

Read: How to Start a blog(Experts Mode for Beginners)

Create a blank .htaccess file and paste this code inside it:

<Files *.php>
deny from all

Now upload this file to your /wp-content/uploads/ and /wp-includes/ directories.

  1. Protect Your WordPress Configuration wp-config.php File

Probably the most important file in your WordPress website’s root directory is the wp-config.php file. It contains information about your WordPress database and how to connect to it. To protect your wp-config.php file from unauthorized access, simply add this code to your .htaccess file:

<files wp-config.php>
order allow,deny
deny from all
  1. Setting up 301 Redirects Through .htaccess File

Using 301 redirects is the most SEO friendly way to tell your users that a content has moved to a new location, then all you need to do is paste this code in your .htaccess file

Redirect 301 /oldurl/
Redirect 301 /category/television/
  1. Ban Suspicious IP Addresses

Seeing unusual requests from an IP address? Want to block an IP address from accessing your website? Add this code to your .htaccess file:

<Limit GET POST>
order allow,deny
deny from
allow from all

Replace xxx with the IP address you want to block.

  1. Disable Image Hotlinking in WordPress Using .htaccess

Other people can slow down your website and steal your bandwidth by hotlinking images from your website. Normally, this doesn’t concern most users. However, if you run a popular site with lots of images and photos, then hotlinking can become a serious issue. You can prevent image hotlinking by adding this code in your .htaccess file:

#disable hotlinking of images with forbidden or custom image option
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www.)? [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www.)? [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www.)? [NC]
RewriteRule .(jpg|jpeg|png|gif)$ – [NC,F,L] 

Don’t forget to replace with your own domain name.

  1. Protect .htaccess From Unauthorized Access

As you have seen that there are so many things that can be done using the .htaccess file. Due to the power and control, it has on your web server, it is important that you protect it from unauthorized access by hackers. Simply add this code to your .htaccess file:

<files ~ "^.*.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Close Menu


Spelling error report

The following text will be sent to our editors: