Top 10 .Htaccess Tricks for your WordPress Site
You may have been working on a website, or reading an article about web development, and heard about the .htaccess file. The .htaccess file is a powerful configuration file which allows you to do a lot of cool stuff on your website. In this article, we will show you some of the most useful .htaccess tricks for WordPress that you can try right away.
How to Edit a .htaccess File?
The .htaccess file is a server configuration file. It allows you to define rules for your server to follow for your website.
WordPress uses the .htaccess file to generate an SEO-friendly URL structure. However, this file can do a lot more.
The .htaccess file is located in your WordPress site’s root folder. You will need to connect to your website using an FTP client to edit it.
Before editing your .htaccess file, it is important to download a copy of it to your computer as a backup. You can use that file in case anything goes wrong.
Having said that, let’s take a look at some useful .htaccess tricks for WordPress that you can try.
1. Protect Your WordPress Admin Area
You can use .htaccess to protect your WordPress admin area by limiting the access to selected IP addresses only. Simply copy and paste this code into your .htaccess file:
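    # Rules in a .htaccess file apply to the directory that holds it and everything below it
    AuthUserFile /dev/null
    AuthGroupFile /dev/null
    AuthName "WordPress Admin Access Control"
    AuthType Basic
    # No <Limit GET> wrapper: the rules below then cover every HTTP method, not only GET
    order deny,allow
    deny from all
    # whitelist Syed's IP address
    allow from xx.xx.xx.xxx
    # whitelist Chris's IP address
    allow from xx.xx.xx.xxx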
Don’t forget to replace xx values with your own IP address. If you use more than one IP address to access the internet, then make sure you add them as well.
2. Disable Directory Browsing
Many WordPress security experts recommend disabling directory browsing. With directory browsing enabled, hackers can look into your site’s directory and file structure to find a vulnerable file.
To disable directory browsing on your website, you need to add the following line to your .htaccess file.
3. Protect Your WordPress Configuration wp-config.php File
Probably the most important file in your WordPress website’s root directory is the wp-config.php file. It contains information about your WordPress database and how to connect to it.
To protect your wp-config.php file from unauthorized access, simply add this code to your .htaccess file:
    <files wp-config.php>
    order allow,deny
    deny from all
    </files>
4. Setting up 301 Redirects Through .htaccess File
Using 301 redirects is the most SEO-friendly way to tell your users that content has moved to a new location.
If you want to quickly set up redirects, all you need to do is paste this code in your .htaccess file.
    Redirect 301 /oldurl/ http://www.example.com/newurl
    Redirect 301 /category/seo/ http://www.onlineshouter.com/category/seo/
5. Ban Suspicious IP Addresses
Are you seeing unusually high requests to your website from a specific IP address? You can easily block those requests by blocking the IP address in your .htaccess file.
Add the following code to your .htaccess file:
    <Limit GET POST>
    order allow,deny
    deny from xxx.xxx.xx.x
    allow from all
    </Limit>
Don’t forget to replace xx with the IP address you want to block.
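The allow-list from trick 1 and the block-list from this trick, rewritten for Apache 2.4 as an added example that is not part of the original article: 2.4 replaces `Order`/`Allow`/`Deny` with `Require`, and the old directives keep working there only through mod_access_compat. The file locations and the addresses (constructed, from the documentation ranges) are assumptions of the example.

```apache
# ---- File 1 (assumed location: /wp-admin/.htaccess): admin allow-list ----
# Rules in a .htaccess file cover the directory that holds it and everything
# below it, so this file sits in the directory being restricted.
<IfModule mod_authz_core.c>
    # Apache 2.4. No <Limit> wrapper, so GET, POST and every other method
    # are subject to the rule.
    <RequireAny>
        # constructed sample: single office address
        Require ip 203.0.113.10
        # constructed sample: VPN range in CIDR notation
        Require ip 198.51.100.0/24
    </RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
    # Apache 2.2 fallback with the same effect
    Order deny,allow
    Deny from all
    Allow from 203.0.113.10
    Allow from 198.51.100.0/24
</IfModule>

# ---- File 2 (site root .htaccess): block-list ----
# Behind a reverse proxy or CDN, Apache sees the proxy's address unless
# mod_remoteip is configured, so these rules would match the proxy instead
# of the visitor.
<IfModule mod_authz_core.c>
    <RequireAll>
        Require all granted
        # constructed sample: the address being blocked
        Require not ip 192.0.2.45
    </RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
    Order allow,deny
    Allow from all
    Deny from 192.0.2.45
</IfModule>
```

Comments in Apache configuration must sit on their own line; a trailing `#` after a directive is read as an extra argument.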
7. Protect .htaccess From Unauthorized Access
As you have seen, there are many things that can be done using the .htaccess file. Because of the power and control it has over your web server, it is important to protect the .htaccess file from unauthorized access by hackers. Simply add the following code to your .htaccess file:
    <files ~ "^.*\.([Hh][Tt][Aa])">
    order allow,deny
    deny from all
    satisfy all
    </files>
8. Increase File Upload Size in WordPress
There are different ways to increase the file upload size limit in WordPress. However, for users on shared hosting, some of these methods do not work.
One of the methods that has worked for many users is adding the following code to their .htaccess file:
    # php_value is only understood when PHP runs as an Apache module (mod_php)
    php_value upload_max_filesize 64M
    php_value post_max_size 64M
    php_value max_execution_time 500
    php_value max_input_time 500
This code simply tells your web server to use these values to increase file upload size as well as maximum execution time in WordPress.
9. Disable Access to XML-RPC File Using .htaccess
Each WordPress install comes with a file called xmlrpc.php. This file allows third-party apps to connect to your WordPress site. Most WordPress security experts advise that if you are not using any third party apps, then you should disable this feature.
There are multiple ways to do that; one of them is adding the following code to your .htaccess file:
    # Block WordPress xmlrpc.php requests
    <Files xmlrpc.php>
    order deny,allow
    deny from all
    </Files>
10. Disable PHP Execution in Some WordPress Directories
Sometimes hackers break into a WordPress site and install a backdoor. These backdoor files are often disguised as core WordPress files and are placed in /wp-includes/ or /wp-content/uploads/ folders.
An easier way to improve your WordPress security is by disabling PHP execution for some WordPress directories.
You will need to create a blank .htaccess file on your computer and then paste the following code inside it.
    <Files *.php>
    deny from all
    </Files>
Save the file and then upload it to your /wp-content/uploads/ and /wp-includes/ directories.
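A broader version of this rule for /wp-content/uploads/, as an added example that is not part of the original article: `<Files *.php>` matches only names ending in .php, while servers often hand other extensions to PHP as well. The extension list is an assumption; check it against your server's PHP handler configuration.

```apache
# /wp-content/uploads/.htaccess
# Refuse to serve any file whose name carries a PHP-style extension.
# (?i) makes the match case-insensitive. (\.|$) also matches when the PHP
# extension is followed by a further extension, which AddHandler-style
# mappings can still pass to PHP.
<IfModule mod_authz_core.c>
    # Apache 2.4
    <FilesMatch "(?i)\.(php[0-9]?|phtml|phar)(\.|$)">
        Require all denied
    </FilesMatch>
</IfModule>
<IfModule !mod_authz_core.c>
    # Apache 2.2 fallback
    <FilesMatch "(?i)\.(php[0-9]?|phtml|phar)(\.|$)">
        Order allow,deny
        Deny from all
    </FilesMatch>
</IfModule>
```

With this file in place, a request for a matching file in that directory returns 403 Forbidden, while images and other media are still served.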