29th of July, 2017
10 Most Useful .htaccess Tricks for WordPress

What is .htaccess File and How to Edit it?

The .htaccess file is a server setup file. It enables you to characterize rules for your server to take after for your site.

WordPress utilizes .htaccess file to create SEO benevolent URL structure. Be that as it may, this file can do significantly more.

The .htaccess file is situated in your WordPress site's root envelope. You should interface with your site utilizing a FTP customer to alter it.


Here is how your .htaccess file might look like in your FTP client.

In the event that you can't discover your .htaccess file, at that point see our guide on the best way to discover .htaccess file in WordPress.

Before altering your .htaccess file, it is imperative to download a duplicate of it to your PC as reinforcement. You can utilize that file in the event that anything turns out badly.

Having said that, how about we investigate some helpful .htaccess traps for WordPress that you can attempt.

Protect Your WordPress Admin Area

You can utilize .htaccess to secure your WordPress admin territory by restricting the entrance to chose IP addresses as it were. Essentially duplicate and glue this code into your .htaccess file:

htaccess protect Wordpress admin area

Example htaccess code to whitelist administrator IP address.

Bear in mind to supplant xx esteems with your own particular IP address. In the event that you utilize more than one IP address to get to the web, at that point ensure you include them too.

For nitty gritty guidelines, see our guide on the most proficient method to constrain access to WordPress admin utilizing .htaccess.

Password Protect WordPress Admin Folder

password-protect Wordpress admin area

Server requests additional auth for password-protected Wordpress admin area.

On the off chance that you get to your WordPress webpage from multiple areas including open web spots, at that point constraining access to particular IP addresses may not work for you.

You can utilize .htaccess file to add an extra secret key security to your WordPress admin zone.

To start with, you have to create a .htpasswds file. You can without much of a stretch make one by utilizing this online generator.

Transfer this .htpasswds file outside your openly available web catalog or/public_html/organizer. A decent way would be: /home/client/.htpasswds/public_html/wp-admin/passwd/

Next, make a .htaccess file and transfer it in/wp-admin/index and after that include the accompanying codes in there:

htaccess code

Important: Don't neglect to supplant AuthUserFile way with the file way of your .htpasswds file and include your own particular username.

For nitty gritty guidelines, see our guide on the most proficient method to secret key ensure WordPress admin organizer.

Disable Directory Browsing

directory visible for browsing

Directory is open for browsing.

Numerous WordPress security specialists suggest incapacitating catalog perusing. With index perusing empowered, programmers can investigate your site's registry and file structure to locate a helpless file.

To impair registry perusing on your site, you have to add the accompanying line to your .htaccess file.

htaccess options directive

For additional on this point, see our guide on the most proficient method to debilitate registry perusing in WordPress.

Disable PHP Execution in Some WordPress Directories

Once in a while programmers break into a WordPress site and introduce a secondary passage. These secondary passage files are regularly masked as center WordPress files and are put in/wp-incorporates/or/wp-content/transfers/envelopes.

A simpler approach to enhance your WordPress security is by handicapping PHP execution for some WordPress registries.

You should make a clear .htaccess file on your PC and afterward glue the accompanying code inside it.

disable PHP using htaccess

Spare the file and afterward transfer it to your/wp-content/transfers/and/wp-incorporates/catalogs. For more data look at our instructional exercise on the most proficient method to handicap PHP execution in certain WordPress indexes.

Protect Your WordPress Configuration wp-config.php File

Likely the most critical file in your WordPress site's root registry is wp-config.php file. It contains data about your WordPress database and how to associate with it.

To shield your wp-config.php file from unathorized get to, just add this code to your .htaccess file:

protect wp-config file using htaccess

Setting up 301 Redirects Through .htaccess File

Utilizing 301 redirects is the most SEO well disposed approach to tell your clients that a substance has moved to another area. In the event that you need to legitimately deal with your 301 redirects on posts for each post premise, at that point look at our guide on the most proficient method to setup redirects in WordPress.

Then again, in the event that you need to rapidly setup redirects, at that point you should simply glue this code in your .htaccess file.

301 redirect with htaccess

Ban Suspicious IP Addresses

Is it true that you are seeing curiously high demands to your site from a particular IP address? You can without much of a stretch piece those solicitations by hindering the IP address in your .htaccess file.

Add the accompanying code to your .htaccess file:

deny IP with htaccess

Disable Image Hotlinking in WordPress Using .htaccess

Different sites specifically hotlinking pictures from your site can make your WordPress site moderate and surpass your transfer speed constrain. This isn't a major issue for most littler sites. In any case, in the event that you run a famous site or a site with bunches of photographs, at that point this could turn into a genuine concern.

You can avert picture hotlinking by adding this code to your .htaccess file:

disallow image hotlink via htaccess

.htaccess code example to protect image files to be "hotlinked".

This code just enables pictures to be shown if the demand is beginning from cancanit.com or Google.com. Bear in mind to supplant cancanit.com with your own area name.

For more approaches to ensure your pictures see our guide on approaches to avert picture burglary in WordPress.

Protect .htaccess From Unauthorized Access

As you have seen that there are such a variety of things that should be possible utilizing the .htaccess file. Because of the power and control it has on your web server, it is vital to shield it from unapproved access by programmers. Just add following code to your .htaccess file:

protect htaccess file

Increase File Upload Size in WordPress

There are distinctive approaches to build the file transfer estimate constrain in WordPress. Be that as it may, for clients on shared facilitating some of these strategies don't work.

One of the techniques that has worked for some clients is by adding following code to their .htaccess file:

file upload size via htaccess

This code essentially advises your web server to utilize these qualities to build file transfer measure and most extreme execution time in WordPress.

Sunny Chawla
Sunny Chawla Guest Author

Sunny Chawla is a Marketing Manager at AIS Technolabs – a Web-design and Development Company. Helping global businesses with unique and engaging tools for their business. He would love to share thoughts on Wordpress website development, web design and mobile app development.

You may also be interested: