htaccess file in WordPress and how to use it fully

lthough you can perform various website management tasks without having to leave the WordPress control panel , making the most of the program’s features and performing some tasks may require you to view or modify some WordPress files from outside the backend of the system, including htaccess file that provides many functions for website owners to enable them to manage their sites more professionally.

In this article, we will fully explain to you the htaccess file in WordPress, where we will introduce you to it, teach you how to view and modify it, and we will explain in practice how to benefit from the various functions it provides in a simple and clear way.

htaccess file

htaccess file is a special configuration file that does not have an extension located in the root folder of the WordPress site running on the Apache server. It provides the ability to specify the way the server runs the site through special rules that are included in it that allow the part of the server used by the site to be configured according to what the owner or manager wants.

By default, the htaccess file in WordPress sites includes rules that control the structure of permalinks . If you modify the structure of permalinks through the backend that enables you to manage your site, the htaccess file will be updated to reconfigure the server to work based on the new settings.

But although this file is used on many websites only for this purpose, its uses actually go beyond that in many cases, as some plug-ins can use it by adding functions to it to help them carry out their task, such as caching plugins And security additions , and rules can be added to it manually to modify the way the server works.

htaccess file location and how to access it

The htaccess file of your WordPress site is located in the root folder of the site, but it is hidden where its name begins with a period (.), because making modifications to it by someone who is not an expert, or without relying on specific instructions and instructions from a reliable source can threaten the security of the site.

The name of the root folder in which the htaccess file is located differs depending on the hosting provider you are using, it could be public_html, htdocs, httpdocs, or www, which is the same folder that contains the wp-config.php file and the wp-admin and wp-content folders, you should find file next to it.

htaccess file can be accessed via the web hosting control panel or by connecting to the server that includes the site via FTP, but sometimes the file may not appear to you because it does not exist or because it is hidden and the control panel is configured not to show hidden files.

If the file does not exist, you can create it if you need to use it, as we will explain later. If it is hidden, you can modify the file manager settings in your hosting control panel to display hidden files, and then the file will appear to you.

If your hosting uses the cPanel control panel , after entering the File Manager, you can click on the (Settings) button at the top right, and then put a checkmark next to the phrase Show Hidden Files (dotfiles), which means in Arabic (show files hidden), then click on the (Save) button, as the file will appear in the folder if it exists.

Can a WordPress site contain more than one .htaccess file?

The main htaccess file is placed inside the root folder of the WordPress site, and the commands inside it are applied to all the files and folders next to it and the subfolders and files it contains, i.e. to the entire site.

However, more than one .htaccess file can exist within a site’s files, each in a different path, and the commands for each are applied to files and folders with the file in the same folder as well as to subfolders and files.

htaccess file how to create

The WordPress system automatically creates the htaccess file when it is installed on the hosting , but sometimes it cannot do that for some reason, such as not having the necessary permissions, and then when you need to use the file, you can try to make WordPress create the file again, or you can You create it manually from your hosting control panel or via an FTP connection.

Create the file from wordpress

To retry creating the file with WordPress through the backend of the program, go to the Permalinks page by placing the mouse pointer on the (Settings) option in the side menu, then click on the (Permanent Links) option from the drop-down menu that appears.

On the page that opens, without making any modification, scroll to the bottom and then click on the (Save Changes) button. If you do not see an error at the bottom (under the Save Changes button), and WordPress informs you that the saving process has succeeded, this means that the .htaccess file was created in htaccess file is not writable, then you will need to create the file manually.

Create the file from the hosting control panel manually

htaccess file is not in the root folder of the WordPress site, and WordPress cannot create it automatically for some reason, you can create it manually from your web hosting control panel by using the File Manager.

To do this, go to the file manager in the control panel, then go to the root folder of your WordPress site. The WordPress system files and folders should appear in the folder, including the wp-admin and wp-content folders. You can confirm that you are in the correct folder by noticing that they are there.

Now you have to click on the button to add a new file (+ File). A window will appear asking you to specify the name of the new file to be created. Enter (.htaccess) in the file name field, then click on the (Create New File) button, as a new file named (.htaccess) will be created directly as you specified.

Open the file you just created by right-clicking on it, then clicking on the (Edit) option, and enter the following code inside it, then save it.

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Note: If your hosting uses a different control panel than cPanel, the steps to create the file remain the same, but only the locations of the commands (buttons) and how to perform the steps may differ slightly.

It should also be noted that the file can be created manually using an FTP connection with the same steps as creating any other file, and we explained more about that in our article ( Explaining FTP for beginners, and how to use it to manage your site’s files ) on the WordPress site in Arabic.

htaccess file how to modify

The .htaccess file includes text, and it can be modified using text editors, including those integrated with the web hosting control panel, FTP programs, or others. Therefore, there are several ways in which the .htaccess file of the WordPress site can be modified, and we will explain here the two best methods because there is no need to know all those ways.

But before making any modifications to the file, you must take the necessary measures to prevent your site from crashing, and we will explain how to do that in the next paragraph before explaining ways to modify the htaccess file.

before modifying the file

htaccess file incorrectly or accidentally deleting or editing any of the site’s other files can cause the site to crash, so before you make any modifications to the htaccess file you should take an appropriate measure that enables you to neutralize the risks from the following measures:

• Create a backup of your site before you perform any action related to editing the file, as this enables you to quickly restore your site if something goes wrong. To learn how to create a backup, you can review our article ( Free, Safe, and Fast WordPress Backup ).
• Make the changes you want on a staging site rather than directly on the main site, as this allows you to test any changes before you publish them.
• Download the htaccess file that you want to modify on your computer, or create a copy of it elsewhere on your hosting account, as this will allow you to restore it directly to its state if any error occurs that causes damage to your site.

It is not necessary that you perform all the previous procedures, but it is preferable that you create a backup copy of your site, and keep a copy of the .htaccess file in a safe place, in order to be able to restore your site in the most convenient and fast way.

Method (1): Modify the .htaccess file via the hosting control panel

The steps for this method to modify the file are similar to what we explained in the previous paragraph (creating the file from the hosting control panel manually). You must first enter your hosting control panel, then use the file manager to access the root folder of the WordPress site.

After that, you have to click on the htaccess file using the right mouse button, then click on the (Edit) option in the drop-down menu that appears, where you will see the contents of the file, and you will be able to add the commands you want to it in order to control the way the server works to suit what you want in your location.

It is worth noting that you must enter the commands before the phrase (BEGIN WordPress) or after the phrase (END WordPress) in the file, and after you finish entering the commands you want, you must click on the (Save Changes) button to save the changes.

Method (2): Modify the .htaccess file by adding

If you cannot access the control panel of your hosting due to restrictions imposed by the provider, or if you do not want to modify the file from that control panel, you can use a WordPress plugin that provides the ability to modify the .htaccess file through the control panel in WordPress and not the hosting control panel .

In fact, it is usually better to use a WordPress plugin to modify the file, because high-quality plugins usually provide features that prevent file data loss and site functionality, so if you do not have a problem installing a free WordPress plugin to modify the .htaccess file in your WordPress site, use these method, not the first method.

The Htaccess File Editor add-on located in the plugin store on the official WordPress website is one of the best htaccess file editing plugins because it provides many important features, including but not limited to:

• With it, you can test the syntax of the file after making modifications to it before saving it, in order to prevent fatal errors.
• htaccess file of your WordPress site every time you make changes to it, so you can restore it if you want to or if there are any problems.
• The file can be restored from the backup using the plugin itself or using FTP if you are unable to access the WordPress dashboard.

It is also very easy to use the plugin to edit the file, as you only have to install and activate it based on the explanation that we provided in our article ( explaining the installation of free and paid WordPress plugins ), and then after that you will be able to go to the htaccess file editing page by clicking on the (WP Htaccess) option Editor) which you will find in the drop-down menu that appears when you place the mouse pointer on (Settings) in the WordPress side menu.

On the file editing page, at the top, you will find instructions and warnings that you must read, and at the bottom, the contents of the .htaccess file will be displayed in an editable text box, where you can modify the .htaccess file by modifying the contents of this text box. You will also notice that there are 3 buttons below the box, which are for saving the modifications, testing the structure of the file codes, and restoring the last backup copy of it.

There are other methods that enable you to modify the htaccess file in the WordPress site, as we mentioned earlier, but we recommend using this method, because it is the safest, easiest, and suitable for beginners and professionals alike, because it provides the ability to freely modify the file, allows it to be tested, and backs it up automatically.

htaccess file uses and functions in wordpress

htaccess file can be used to perform a variety of tasks that show the server how it should work, by adding commands before or after the default WordPress commands in the file. For each task or function that you want to perform through the .htaccess file, there is a specific code that must be entered into the file in order for the execution process to take place.

Therefore, the use of the .htaccess file to implement certain functions on the site is as follows:

• Create a backup of your website, or at least your .htaccess file, or take some other measure to secure your site.
• Open the htaccess file to edit it either using your hosting control panel or using the Htaccess File Editor WordPress plugin.
• Enter the necessary commands that perform the function you want before or after the commands currently in the file.
• Save your changes.
• Test the commands you entered.

It is easy to implement most of these steps, and we have explained most of them in the previous paragraphs in detail, but the step of entering the necessary commands that perform the specific task that you want we did not mention, and for this we will explain in the following paragraphs the most prominent commands that you may need to enter in the file to benefit from him.

1. Redirect URLs

When you change the domain name of your site, or when you change the organization of its pages, the links to the old pages will become broken, but they will remain on social media and other sites that have included a backlink to your site, and the broken links will remain within the search results pages in Google for some time .

When someone visits the old link, they will see an error message, which negatively affects the site in many ways. That is why in this case you will need to redirect the visitor visiting the old URL to the new URL, thus ensuring that he reaches the page he requested.

Single page URL redirect

To redirect a page or article URL to another URL, you can use the following code:

Redirect 301 

/old-url-slug

https://Example.com/new-url-slug

Where (old-url-slug) represents the part of the old link after the top-level domain (com, net, etc.), and (https://Example.com/new-url-slug) represents the full link to the page to which the visitor is directed. When he visits the old link. Note that the domain name of the old link is not written in the code, unlike the new link.

Here is an example to make the code more clear:

Let’s say the old link we want to direct from is: https://www.money7u.com/latest-version-wordpress

The new link we want to direct to is: https://www.money7u.com/wordpress-6

Then we have to write the following code to perform the required redirection:

Redirect 301 /latest-version-wordpress https://www.ar-wp.com/wordpress-6

Redirect all site URLs

To direct visitors to your old domain to the new domain, you can use the following code in the .htaccess file:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^(.*)$ http://

example.com

/$1 [R=301,L]
</IfModule>

Note that you have to replace (example.com) with your old domain name. It is worth noting that the code maintains the structure of the link as well. For example, if the visitor visits the link in the first item of the following list, he will be directed to the link in the second item of the list:

• https://olddomain.com/google-sites-vs-wordpress
• https://newdomain.com/google-sites-vs-wordpress

Redirect from http to https

If you want to force visitors to visit the secured version of your site whose domain name begins with https, you can use the following code:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Redirect from Non-www to www

To perform redirects from Non-www to www use the following code:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^

domain.com

$
RewriteRule (.*) http://www.

domain.com

/$1 [R=301,L]
</IfModule>

Redirect from www to non-www

To implement redirects from www to non-www use the following code:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.

domain.com

$
RewriteRule (.*) http://

domain.com

/$1 [R=301,L]
</IfModule>

Note: Before using the above two codes, you have to replace domain.com with your domain name.

Other redirects

To convert links that include the html extension to links that do not include this extension, that is, to remove the extension from the link, we use the following code:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^/?(.*).(html)$ /$1 [R=301,L]

</IfModule>

To convert links that include the php extension into links that do not include this extension, we use the following code:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^/?(.*).(php|html)$ /$1 [R=301,L]

</IfModule>

To redirect sub-domain links to a page within the site, for example from blog.example.com to example.com/blog, we use the following code in the .htaccess file located in the root folder of the sub-domain, not the main one:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^(.*)$ http://https://www.

example.com

/blog/$1 [L,NE,R=301]

</IfModule>

Note: Replace example.com with the domain name of your website before adding the code to the .htaccess file.

2. Prevent hotlinking of images

Some site owners or employees sometimes copy links to the images on your site, and put these links on their sites instead of downloading and uploading them to their sites so that the images are loaded when you visit the pages of their site in which the images are located from your hosting server, and this leads to loss Hosting resources and negatively impacting your website’s performance.

htaccess file in WordPress you can prevent them from doing so by using this code:

#disable hotlinking of images with forbidden or custom image option
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?

example.com

 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ – [NC,F,L]

Note: You must replace (example.com) with the domain name of your site and then include the code in the .htaccess file.

The previous code prevents the images in your hosting server from being displayed by any other site different from your domain site (example.com) and the Google domain site (google.com), and this means that there are only two sites where your site’s images are allowed to be displayed, which are your site and Google site .

And you can allow certain other sites to display your site’s images (that is, in addition to your site and Google) by adding the following code before the last line of the previous code, replacing (Domain.com) with the domain of the site you want to allow to display the images.

RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?

Domain.com

 [NC]

It is worth noting that you can add more than one domain in the same way, as you add the previous code to each domain that you would like to be allowed to display your site’s images.

3. Block a specific IP from visiting your site

If you want to block a certain user from accessing and browsing your site for some reason, you can do that by blocking the IP address of the device that that user is using from accessing the site, as the server does not respond to requests that come from that device. To do that use the following code:

Order Deny,Allow
Deny from 147.125.14.1

Hint: You must replace the address (147.125.14.1) with the IP address of the device you want to block.

4. Increasing the maximum file sizes that are allowed to be uploaded to the site

If the maximum file size allowed to be uploaded to the server is low for your site, you can increase this limit by entering the following code in the .htaccess file:

php_value upload_max_filesize 50M
php_value post_max_size 50M
php_value max_execution_time 300
php_value max_input_time 300

This code increases the maximum file size that is allowed to be uploaded to the WordPress site, as well as the maximum time period during which the file must be uploaded. You can modify the values ​​in the code to control the maximum size and maximum duration.

It is worth noting that there are cases in which the site does not respond to raising the maximum file size that is allowed to be uploaded, and you can learn more about this topic by reviewing our article ( solving the problem of the uploaded file exceeding the maximum limit ) on the WordPress site in Arabic.

5. Prevent access to the .htaccess file

htaccess file contains sensitive information that modifying it could damage or break your site, so you may want to prevent access to it except by the file manager in your hosting control panel (or other similar methods). To do that you just have to insert the following code in the htaccess file itself:

<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>

6. Disable the XML-RPC file

An XML-RPC file is one of the WordPress files that are used to access and manage the blog by external applications, such as mobile WordPress applications, or other blogging applications, that is, it manages and allows external applications to interact with your site.

If you don’t manage your site with mobile apps or don’t link your site to external apps (don’t use IFTTT services for example), you should disable the XML-RPC file for security reasons by entering the following code in your WordPress site’s .htaccess file:

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

 

7. Prevent access to wp-config.php

The wp-config.php file  located in the root folder of the wordpress site contains very sensitive information that, if leaked, could lead to your site being hacked easily, so you have to prevent access to it completely by including this code in the htaccess file:

<files wp-config.php>
order allow,deny
deny from all
</files>

8. Blocking access to the site’s members’ files

Some hackers sometimes access the files of the members of the site and know the user name and guess the passwords based on them through advanced techniques, which enables them to access the backend and harm the site, and for this you must prevent access to these files by adding the following code in the file htaccess for the WordPress site:

# BEGIN block author scans
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} (author=\d+) [NC]
RewriteRule .* - [F]
# END block author scans

9. Display a custom designed error page

Sometimes visitors encounter errors while browsing the website, at which point the website displays a simple webpage showing that an error occurred on the website. You may not like the error pages that are shown by default to visitors, and you need to show a more beautiful and useful custom page.

The htaccess file provides you with the ability to do this easily, after designing the error page that you want to show in the event of a specific error, you just have to put it within the site files on your hosting, then enter the following code in the htaccess file located in the root folder of your WordPress site with the necessary changes in it As shown after it:

ErrorDocument 400 /errors/error400.html

The number after (ErrorDocument) – in this case 400 – expresses the error number that the page with the path (/errors/error400.html) will appear when the visitor encounters it, as there are many types of errors that can occur on the WordPress site, and expresses Each type has a specific number.

Error 401, for example, indicates that you must grant the necessary permissions to be allowed to access the data you requested, and error 403 means that you have been blocked from accessing the content.

If the visitor gets a 400 error and the above code is included in the htaccess file, the site will show the custom page in the specified path, but if the 401 error occurs, it won’t show the custom page, because it is for another error.

But you can assign a page to each error and enter the necessary codes in the .htaccess file so that each of those pages is displayed when the corresponding error occurs. Note the following code for example:

ErrorDocument 403 /errors/error403.html
ErrorDocument 401 /errors/error401.html
ErrorDocument 404 /errors/error404.html

The above code tells the server to show the styled page (/errors/error403.html) on 403 error, the styled page (/errors/error401.html) on 401, and the styled page (/errors/ error404.html) when error 404 occurs.‘ ;”l

 

In the same way, you can allocate pages for all errors that can occur on your site, but this is not required in reality, as WordPress automatically creates appropriate error pages for most errors that a visitor can encounter.

There are also many other uses for the htaccess file, and if you are not comfortable with dealing with the codes and modifying them to suit your site yourself, you can use a site that generates codes that can be used in the file after giving it the necessary values ​​it requests, such as the htaccess generator site .

And here we have finished introducing you to the htaccess file in WordPress, how to create it, modify it and use it to carry out a number of tasks on the site, and we would like to point out in conclusion the need for extreme caution when modifying the file, especially if you do not have good experience in developing WordPress, as it can Your site may crash if you make a mistake while writing commands, pasting them into the file, or modifying them.