Useful .htaccess Tips And Tricks For WordPress

Well, if you are running a WordPress blog or website, you are sure to know about the .htaccess file. A majority of site owners use it while fixing their permalinks, but an .htaccess file can do much more than that. It is basically a configuration file that gives you complete control over your WordPress files and folders. .htaccess stands for hypertext access and allows you to enhance your site’s performance and security.

How to create an .htaccess file?

You probably won’t find an .htaccess file in your WordPress website unless you create one. To create this file, open a blank document, save it with the name .htaccess and upload it to the root directory.

The .htaccess file was originally used to allow per-directory access control. Today, however, it is used for various configuration settings, most of them associated with content control.

A large number of WordPress websites use this file to keep out hackers, spammers and other dangers. Since the file plays an important role in maintaining your website, it is essential to know how to use it.

We have pulled together certain .htaccess tips and tricks to help you make the most of it.

1. Protect wp-config.php

wp-config.php is one of the most important files of your WordPress website, as it is the configuration file and includes many important settings.

Secure it with these lines of code:

<files wp-config.php>
order allow,deny
deny from all
</files>

2. Restrict admin area access

A majority of hackers use the admin area as their main entry point, which is why it is extremely important to make it more secure.

Use these lines of code:

# Limit logins and admin by IP
order deny,allow
deny from all
allow from

3. Maintenance page

Updating your website every now and then is quite common. But what do you do when you are updating your live website? Do you allow your visitors to see the changes in real time? Or do you add a maintenance page and redirect your visitors to it? There are many maintenance page plugins available to help you create a maintenance page and redirect your users to it. However, these plugins are of no help if your website isn’t working in coordination with them. Instead of depending completely on the functionality of the plugins, it is usually recommended to add a maintenance HTML file and a few lines of code in your .htaccess file, so that it works every time you update your website or, even worse, if it gets hacked.

RewriteEngine on
RewriteCond %{REQUEST_URI} !/maintenance.html$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123
RewriteRule $ /maintenance.html [R=302,L]

Change the above code according to your website's specifications. Replace maintenance.html with the name and actual location of your HTML file. Also, add your own IP address in the third line.

4. Enable browser caching

Browser caching allows your visitors' browsers to save webpages or certain information from your website so that it is not downloaded again every time they visit. This not only reduces your bandwidth cost but also improves the speed of your website. Browser caching is used for media files and CSS stylesheets, and enables visitors to load the files from their own system instead of from the web server.

Add these lines of code to achieve it:

<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 2 days"
</IfModule>

5. Disable hotlinking

Hotlinking basically means allowing someone to share the images of your website by linking to the image URL. Hotlinking usually has a negative impact on your website, including increased bandwidth costs, poor performance and removal of the images.

You can easily disable hotlinking by adding these lines of code.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)? [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)? [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ [NC,R,L]

6. Redirect a URL

There are times when you change your domain, or move your website to a new location. This is when you need to notify search engines about the move and redirect pages or URLs. Whenever your website or page URL changes, 301 redirects come into play. They allow you to notify search engines. To make it work, you need to add a line of code to your .htaccess file with the old and new locations.

Redirect 301 /oldpage.html
Redirect 301 /oldfolder/page2.html /folder3/page7.html
Redirect 301 /

7. Ban IP Addresses

Well, maintaining a website is not easy. The threat of being hacked keeps increasing with each passing day. Unusual requests from different IP addresses make it necessary to block them to maintain security.

In order to ban IP addresses, add these lines of code to your .htaccess file.

<Limit GET POST>
order allow,deny
deny from
allow from all
</Limit>
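
The access rules in tips 1, 2 and 7 use the Order/Deny/Allow directives, which Apache 2.4 provides only through mod_access_compat. The following is an added example, not part of the original article, of the same three rules in 2.4's Require syntax; the addresses 203.0.113.10 and 198.51.100.23 are placeholders from the documentation ranges, and wp-login.php and admin-ajax.php as targets are assumptions.

```apache
# Added example: Apache 2.4 (mod_authz_core) versions of tips 1, 2 and 7.
# 203.0.113.10 and 198.51.100.23 are placeholder addresses from the
# documentation ranges; substitute your own.

# ---- .htaccess in the site root ----

# Tip 1: refuse every HTTP request for wp-config.php.
<Files "wp-config.php">
    Require all denied
</Files>

# Tip 2: the login form answers only to the trusted address.
# (wp-login.php as the target is an assumption; the article's snippet
# names no file.)
<Files "wp-login.php">
    Require ip 203.0.113.10
</Files>

# Tip 7: ban one address. There is no <Limit GET POST> wrapper, because
# <Limit> applies the enclosed rules to the listed methods only, so the
# ban would not cover requests made with any other method.
<RequireAll>
    Require all granted
    Require not ip 198.51.100.23
</RequireAll>

# ---- .htaccess inside wp-admin/ ----

# Tip 2, continued: the dashboard is reachable from the trusted address only.
# With the default "AuthMerging Off", these rules replace the ones
# inherited from the root file rather than adding to them.
Require ip 203.0.113.10

# Front-end features of some themes and plugins call admin-ajax.php,
# so it stays reachable for all visitors.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

Require in an .htaccess file takes effect only where the server configuration sets AllowOverride AuthConfig (or All) for that directory.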

Use these tips and tricks to make your website more secure and prevent spamming and hacking.

About The Author – Emily Johns is a web developer by profession and a writer by hobby. She works for Wordsuccor Ltd., a reputed Outsource WordPress Development Company. She loves sharing information regarding WordPress development tips & tricks.


6 thoughts on “Useful .htaccess Tips And Tricks For WordPress”

  1. I think these tips are valuable for both newbies & advanced. Maintaining security and protecting the site from hacking attempts is also the most important thing. Thank you for sharing these resourceful articles.

  2. Cool post about an often-overlooked web tool! I particularly appreciated tip #4 for browser caching.

    For beginners, if you use tip #2 make sure you use your own IP address in the “allow from” line.
