WordPress Tutorials

How to Use the Power of .htaccess for Your WordPress Website

.htaccess is a powerful configuration file that lets you alter the configuration of the Apache web server software. It can help you accomplish many useful things on your site. In this guide, we introduce 12 uses of .htaccess for managing a better WordPress website, aimed especially at beginners who have very little knowledge of WordPress and the .htaccess file.

About .htaccess

We gave the definition of the .htaccess file at the very beginning. Generally speaking, it is a very useful configuration file for your web server that lets you define rules for the server to follow for your site.

In WordPress, the .htaccess file is used in particular to generate an SEO-friendly URL structure. It can do many more things as well.

You can find the .htaccess file in the root folder of your WordPress website. To edit it, connect to your WordPress site with an FTP account.

One thing we always remind our readers: before making any changes to your website, make a backup copy of the item you are going to change in case anything goes wrong.

With that said, let's move on to the useful tricks you can use for your WordPress site.

#1 Protect WordPress Administrative Area

The first use of the .htaccess file we want to introduce is protecting the WordPress administrative area by allowing access only from selected IP addresses. To do this, copy the code below and paste it into the .htaccess file:

Note that the “xx” in the code stands for your IP address; when you use the code, replace “xx” with your own IP address. You can add more IPs to the code in the same way if you use them to access the Internet.

#2 Add Password Protection for WordPress Administrative Folder

Protecting your WordPress administrative area with the method above does not always work, for example if you often access your WordPress website from different locations, including public hotspots.

In that case, adding an extra password through your .htaccess file can also protect your WordPress admin area, and it works well. To add the password, go through the following steps:

First, create a .htpasswds file. An online generator is a simple helper that users often use for this. Once you have created the file, upload it outside the /public_html/ folder, or whichever web directory is publicly accessible. This is a good path:

Then, create a .htaccess file and upload it to the /wp-admin/ directory; after that, add the following code to that .htaccess file:

Finally, remember to put the path of your .htpasswds file in the “AuthUserFile” line, and also add your username.
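The steps above come together as follows. This is an added example, not the page's original code; it assumes Apache 2.4, and the path and username are placeholders because the page's own values are not shown.

```apache
# /wp-admin/.htaccess
AuthType Basic
AuthName "WordPress admin"

# Absolute path to the password file, stored outside the web root.
# PLACEHOLDER: substitute the real location of your .htpasswds file.
AuthUserFile /PLACEHOLDER/path/outside/public_html/.htpasswds

# Only this account from the password file is accepted.
# PLACEHOLDER: substitute the username you put in .htpasswds.
Require user PLACEHOLDER_USERNAME

# Basic authentication sends the password with every request in
# reversible base64 encoding, so serve /wp-admin/ over HTTPS.

# Keep front-end AJAX calls working without a password prompt.
<Files "admin-ajax.php">
    Require all granted
</Files>
```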

#3 Add .htaccess file to Disable Your Directory Browsing

For the sake of security, most WordPress experts suggest disabling directory browsing. When directory browsing is enabled, attackers can look through your website's directory and file structure to find a vulnerable file.

With the .htaccess file, you can easily disable directory browsing and protect your site from attacks on vulnerable files. Just add the following line to the .htaccess file.

#4 Disable PHP Execution in WordPress Directories

A common technique is for hackers to break into a WordPress website and install one or more backdoors, usually saved in the /wp-content/uploads/ or /wp-includes/ folder and disguised as core WordPress files.

To guard against this, you can use .htaccess to improve your site security by disabling PHP execution in WordPress directories. First create a blank .htaccess file, then copy the code below and paste it into the blank file.

Then save the .htaccess file and upload it to the /wp-content/ and /wp-includes/ directories. Once done, you will have disabled PHP execution in these WordPress directories and improved your WordPress website security.
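A file matching this description could look like the following. It is an added example, not the page's original code, and it goes slightly beyond plain .php by also covering other extensions that servers are often configured to run as PHP (an assumption about the server's handler mapping).

```apache
# .htaccess placed in the directories named above.
# Refuses direct HTTP requests for any file whose name ends in a
# PHP-type extension, matched case-insensitively
# (.php, .PHP, .php5, .phtml, .phar).
# Files that WordPress loads internally with include/require are
# unaffected; only requests arriving over HTTP are refused.
<FilesMatch "\.(?i:php[0-9]?|phtml|phar)$">
    <IfModule mod_authz_core.c>
        # Apache 2.4 and later
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>
```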

#5 Protect Your wp-config.php File

We think wp-config.php is one of the most important files in your site's root directory, because it contains the details of your WordPress database and how to connect to it. Protecting this WordPress configuration file from hacking is therefore very important.

The .htaccess file can help here as well. Just add the following lines to the .htaccess file.

#6 Setup 301 Redirects

In SEO practice, people make frequent use of 301 redirects; they are one of the most SEO-friendly ways to tell your audience that your content has moved to a new place.

We will not discuss how to use and manage 301 redirects here, but we will show a quick way of setting them up through the .htaccess file. All you need to do is paste the following code into your .htaccess file. See how easy it is!

#7 Ban Suspicious IPs

When you check your website statistics reports, you may find an unusually high number of requests from one specific IP address. If so, you should take note of that IP and act to protect your site from hacking or malicious attacks coming from it.

To protect your WordPress site, you can block those IPs, and the .htaccess file lets you do it quickly in a few steps. First, copy the code below and paste it into the .htaccess file. Then replace “xx” in the code with the IPs you want to block.

Now everything is done and you have banned the suspicious IPs.
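One way to write the block, as an added example that is not the page's original code. The 203.0.113.50 and 198.51.100.0/24 values are documentation placeholders standing in for the “xx” addresses.

```apache
# Root .htaccess
<IfModule mod_authz_core.c>
    # Apache 2.4 and later: "Require not" is only valid inside
    # <RequireAll>, paired with a rule that admits everyone else.
    <RequireAll>
        Require all granted
        Require not ip 203.0.113.50
        Require not ip 198.51.100.0/24
    </RequireAll>
</IfModule>

<IfModule !mod_authz_core.c>
    # Apache 2.2: allow by default, then deny the listed addresses.
    # With "Order allow,deny" a client matching both lists is denied.
    Order allow,deny
    Allow from all
    Deny from 203.0.113.50
    Deny from 198.51.100.0/24
</IfModule>
```

If the site sits behind a CDN or reverse proxy, Apache sees the proxy's address unless mod_remoteip is configured, so these rules would not match the original client.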

#8 End Image Hotlinking in Your WordPress

Some things will slow your WordPress site down, and hotlinking of images directly from your WordPress website is one of them; it may also exceed your site's bandwidth limit. Although it is not a big problem for many smaller sites, it can be a serious matter when you run a website with many photos or a very popular site. So how do you get rid of this nuisance?

The .htaccess file can help you stop hotlinking. All you need to do is add the code below to your .htaccess file and replace “wpwebsite.com” with your real domain name.

Now, according to the code, the requested images will be displayed only if the image requests originate from wpwebsite.com or google.com.
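A rule set with this behaviour, as an added example that is not the page's original code. The list of image extensions and the decision to let requests without a Referer header through are assumptions of this example.

```apache
# Root .htaccess
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Requests with no Referer at all are let through: direct visits
    # and privacy tools send none, and blocking them breaks images
    # for legitimate visitors.
    RewriteCond %{HTTP_REFERER} !^$

    # Allowed referrers. The (/|:|$) after the host name ends the
    # match at the host boundary, so a look-alike host such as
    # wpwebsite.com.example.net does not pass as wpwebsite.com.
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?wpwebsite\.com(/|:|$) [NC]
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?google\.com(/|:|$) [NC]

    # Every other referrer gets 403 Forbidden for image files.
    RewriteRule \.(jpe?g|png|gif)$ - [NC,F]
</IfModule>
```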

#9 Increase File Upload Size Limit in WordPress

We believe many users have tried a lot of methods to increase the file upload size in WordPress, but some of them do not work for users whose sites are on a shared hosting server.

In our experience, one way that works for many is to use the .htaccess file. Just add the following lines to the file, and everything is done.

These lines tell the web server to use the values in the code to increase your file upload size and the maximum execution time in WordPress.

#10 Disable Access to XML-RPC File

All WordPress installs come with an xmlrpc.php file, which allows third-party applications to connect to your site. To keep potential vulnerabilities away from your site, many WordPress security professionals recommend disabling it. There are several ways to do this, and the .htaccess file is one of them. Add the code below to the .htaccess file to disable that feature and protect your WordPress site.

#11 Block Author Scans in WordPress

In brute-force attacks on WordPress websites, hackers often use author scans to obtain usernames whose passwords they then try to crack. With the .htaccess file you can easily block this. Just add the code below to your .htaccess file.
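A rule of this kind, as an added example that is not the page's original code. It assumes WordPress is installed at the site root, so the dashboard lives under /wp-admin.

```apache
# Root .htaccess
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Leave the dashboard alone: wp-admin screens legitimately use
    # ?author=N to filter the post list by author.
    RewriteCond %{REQUEST_URI} !^/wp-admin [NC]

    # Match author=<digits> as a query parameter, either first in
    # the query string or after an "&".
    RewriteCond %{QUERY_STRING} (^|&)author=\d+ [NC]

    # Answer 403 Forbidden instead of redirecting to the author
    # archive, whose URL would reveal the account's username slug.
    RewriteRule ^ - [F]
</IfModule>
```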

#12 Protect .htaccess File from Hackers

As discussed above, the .htaccess file is very useful for improving your WordPress performance, security and user experience. Protecting your .htaccess file from hacking is therefore also important, and it is very easy! Copy the following code and paste it into your .htaccess file. It’s done!
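Tips #3, #5, #10 and #12 each ask for a few lines in the root .htaccess file. The block below is an added example (not the page's original code) that collects one possible form of each, assuming Apache 2.4.

```apache
# Root .htaccess, Apache 2.4 syntax.
# On Apache 2.2, replace each "Require all denied" with the pair
# "Order allow,deny" and "Deny from all".

# Tip #3: no automatic listing for directories that lack an index
# file. Needs "AllowOverride Options" (or All) on the server.
Options -Indexes

# Tip #5: wp-config.php is loaded by PHP itself and never needs to
# be requested by a browser, so refuse all HTTP access to it.
<Files "wp-config.php">
    Require all denied
</Files>

# Tip #10: refuse every request to the XML-RPC endpoint.
<Files "xmlrpc.php">
    Require all denied
</Files>

# Tip #12: refuse requests for .htaccess, .htpasswds and any other
# file whose name starts with ".ht".
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>
```

Denying xmlrpc.php also cuts off any third-party application that connects to the site through it, so confirm nothing you use depends on it first.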


In this post, we introduced 12 useful tricks to protect and improve your WordPress website with the .htaccess file. We sincerely hope you can learn from them and make your site better. You can also check out our WordPress Tutorials to find more helpful guides related to WordPress security, SEO practices, and more.
