Working With The htaccess File

Apr 03, 2019
Working With The htaccess File

If you have done any web development or website maintenance work, then you must have come across the .htaccess file at some point. This is an important file for many reasons and this guide will provide an overview of what the .htaccess file is, what you can do with it, how to create it, and options available to you for editing it on your WordPress website.

The .htaccess file is not unique to WordPress websites. It is used on all Apache virtual hosts. However, I will use WordPress as a basis for this discussion since it is the most popular software powering most of the web.

"Working With The .htaccess File"

The .htaccess File – What Is It?

The name “htaccess” is short for Hypertext Access. And the .htaccess file is a configuration file for web servers that are based on Apache. When this file is placed in a directory, it controls the access/security behavior of the directory that it lives in as well as those of all the sub-directories under its directory.

If you are working with a content management system like WordPress, this file will sit in the the root folder of your site (though depending on how your site was set up originally, you may have to manually create this file yourself – more about this later).

NOTE: That’s the name, .htaccess – it starts with a period (or dot) and ends with “htaccess”. You can think of “htaccess” as the file extension if you like. So, if you edit or have to manually create this file, make sure the name stays like that. If you inadvertently change its extension and make a “.html” or “.txt” file instead, the rules within the file will not work.

The .htaccess file offers a ton of features and covering its features in detail is not the focus of this article. However, some of the features of the .htaccess file include the ability to…

  • Redirect users to a new site, page, or directory automatically
  • Block nefarious bots from your site
  • Ban or allow users based on IP address
  • Reduce or eliminate spam activity
  • Password protect sections of your site
  • Disable directory listings
  • Change how certain extensions are used
  • Change the default index file by configuring file extensions or defining a specific file
  • Create custom error pages
  • Disable script execution in certain folders
  • Configure browser caching
  • Send HTTP headers

…and many more!

On a WordPress installation, the default .htaccess file has this content:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress

Of course, this basic example is often significantly extended in large websites.

How To Create A WordPress .htaccess File

As previously mentioned, the .htaccess file usually comes by default on your WordPress installation. But this varies depending on your host or how your WordPress site was installed. So sometimes, you may need to manually create the file.

NOTE: Before you start trying to manually create the .htaccess file, confirm that the file is not hidden. By default, Windows as well as most FTP tools which you may be using to access your remote directory don’t display hidden files in your files list. And you may have to specifically set your preferences to show hidden files in order to see the .htaccess file.

For example, for WinSCP (a popular FTP tool), here’s how the setting looks:

"Working With The .htaccess File - WinSCP Show Hidden Files"

You will find similar settings in FileZilla and pretty much any other FTP tool of your choice.

Make sure the box highlighted above is checked in order to show the .htaccess file.

If you are using Windows, go here: Control Panel >> Appearance and Personalization >> File Explorer Options >> View

"Working With The .htaccess File - Windows Show Hidden Files"

This time, select the box to “Show hidden files, folder, and drives” and make sure the check box “Hide extensions for known file types” is unchecked.

If you confirm that the .htaccess file does not exist in your WordPress installation, just create it with Notepad or your favorite text editor. You can create it locally and then upload to your server or create it remotely on your website directly. For the file contents, copy and paste the code of the default WordPress .htaccess file (provided above).

Save the file and make sure it is correctly named “.htaccess” and not something like “htaccess.txt” or “.htaccess.txt”.

Options For Editing The WordPress .htaccess File

If you know you already have a .htaccess file on your site and just want to figure out how to quickly edit it to configure specific options, here are the 3 general methods:

  1. Edit the .htaccess file directly from cPanel (if you use cPanel that is)
  2. Edit the file using FTP (as discussed above)
  3. Edit the file from the WordPress dashboard (more on this below)

With regard to method #3 above, note that WordPress does not offer any built-in feature that allows you to edit your .htaccess file from your WordPress dashboard. However, there are many plugins that provide this functionality. For example, the popular Yoast SEO plugin, provides an option to do this.

I highly discourage people from editing their WordPress .htaccess files (or any WordPress files for that matter) via the WordPress dashboard. It’s not such a great file editing user experience and more importantly, the risks are too many – the edits you make take effect instantly and if you make one tiny mistake, you could easily lock yourself out of your own WordPress website!

In fact, I usually go a step further to disable file editing on WordPress websites I manage. To do this, just add this line of code to your wp-config.php file:

define('DISALLOW_FILE_EDIT', true);

This will kill off the theme editor (Administration >> Appearance >> Editor) and the plugin editor (Administration >> Plugins >> Editor) and any file editors that third party plugins (including Yoast SEO) try to add to your dashboard.

My favorite (and recommended) way of editing the .htaccess file and other WordPress and server files is via FTP. FTP offers you a lot more power than any of the other methods mentioned above without the risk of locking yourself out. And in my opinion… more power, less risk, why not?!

The cPanel method is ok. But I’m just not a fan of cPanel or shared hosting. And the cPanel file editor still doesn’t compare to pure FTP by the way.


The .htaccess file is a powerful configuration file for Apache systems and WordPress in particular. The above overview covers how to create/access and edit the .htaccess file using WordPress as a case study. In subsequent articles, I plan to provide deeper insight into specific .htaccess configurations (with sample codes) for tweaking various settings on your site and server.

If you found this introductory article useful, I welcome your comments in the box below.

Add Comment