Working With The .htaccess File In WordPress

htaccess file WordPress

WordPress is a great platform that is made all the better by how detailed and powerful the standard WordPress dashboard is. You can achieve much, in terms of customizing the way that your site feels and functions, by simply using the tools that WordPress has made available to you as standard.

There comes a time in any website owner’s life, however, when you will need to go beyond this functionality. Working with the WordPress .htaccess file can be one way to do this. This file is a core file that your site relies on, and is mainly concerned with how the permalinks of your website work.

The .htaccess file can be used to achieve a number of useful things, though. We’ve previously covered some of them, including a process for making regex redirects in WordPress, and a more general overview on header redirects for WordPress. In both of these guides, we accessed and edited the .htaccess file, but without explaining much about why the file is there in the first place, and how you can use it.

That’s the purpose of this article. First, we’ll look at what the .htaccess file does in the standard WordPress setup. Then, we’ll explain how you can access it, and how you can edit it. Finally, we’ll show you why you might want to do that.

What Is The .htaccess File?

Let’s get the basics out of the way first. The .htaccess file is not technically a WordPress file. Or, to put it more accurately, the .htaccess file is actually a file that is used by Apache web servers. This is the system currently being used by the vast majority of WordPress sites and hosts. Because of the ubiquity of Apache when it comes to managing WordPress sites, each such site has a .htaccess file.

The .htaccess file shares some characteristics with the other files that your WordPress site uses for configuration. The filename is a hidden file and will need to be unhidden to be edited. It also sits in the root directory of your WordPress site.

Remember, the .htaccess file does one thing and one thing only: it determines how the permalinks of your site are shown. That’s it. 

Hidden behind this simple description is a lot of complexity, however. This is because many site owners, plugins, and themes make changes to the way that permalinks are used within your WordPress site. Every time you (or a plugin) makes a change to the way that your permalinks work, these changes are stored in the .htaccess file. 

In principle, this is a pretty good system, and is secure. However, in the real world it can create real problems. One is that because 75% of developers use JavaScript, and are therefore not that comfortable using Apache, many plugins can overwrite the .htaccess file in a way that leaves your site insecure. Fixing (or indeed even spotting) this kind of issue is beyond our scope here, but the standard caveats about plugins apply – only install those you trust, and that are regularly updated to fix security holes like this.

Finding And Editing The .htaccess File

Despite the fact that the .htaccess file is mainly designed to handle the permalinks on your site, you can edit the file to achieve a number of useful outcomes: these include making redirects, or simply improving the security on your site by limiting outside access to particular pages.

In this section, we’ll show you how to do that. But first… 

WARNING: Editing the .htaccess file can break your website. 

Making any changes to the fundamental files that your site runs on is risky. You should always backup your site before making any changes to it, and experiment without affecting the live site. 

In fact, there is a good reason why the .htaccess file is not available for most WordPress users. WordPress has a clear majority of the market share for small business websites, and this means that many of their users are, shall we say, not the most technically inclined. This is why the .htaccess file is hidden by default – to avoid novice users making mistakes.

Accessing And Editing The .htaccess File

With all that out of the way, let’s look at how you can access the .htaccess file. In order to do that:

  1. Create a connection to the website using an FTP client. There are plenty of free, great FTP clients out there, including FileZilla. Read through the documentation provided to make an FTP connection to your site.
  2. Once you’ve established an FTP connection, you’ll be shown all the files that make up your site. Have a look through these folders, and you’ll see one called the root directory.
  3. Inside this folder, you’ll see your .htaccess file. It will normally be near the top of the list of files in that folder. Click on the file, and then click view/edit. 
  4. The file will open in the text editor.

And that’s it. You’re now allowed to make changes to your file, but take note you might not want to do that. We’ll show you how to use this file in the next section, but before we do it’s a good idea to make a local copy of your .htaccess file (using the standard “save as” dialog), make your changes locally, and then upload the file to a staged site (as we noted above).

Using The .htaccess File

Now you are ready to start using the extra functionality provided by the .htacess file. Let’s start out with a few basic ones.

  • 301 redirects – The 301 redirect is a tiny piece of code that sends visitors from one page to another, and is necessary if you transfer a particular blog post that is linked to from an external site. Alternatively, you can use the .htaccess file to redirect the website. You can also direct visitors from an older HTTP version of the site to a new, more secure, HTTPS version. Add this to the .htacess file:

Redirect 301 /oldpage.html /newpage.html

  • Security – There are also a number of ways to use the .htaccess file to apply advanced security strategies for WP. One of these is to lock down access to particular files so that only users with the correct authentication can access the core files that your WordPress site runs on. You can use this code, appended to the end of your .htaccess file, to limit access to a number of core files:

<FilesMatch "^.*(error_log|wp-config\.php|php.ini|\.[hH][tT][aApP].*)$">
Order deny,allow
Deny from all
</FilesMatch>

  • Modify URLs – Another useful feature of the .htaccess file, albeit a more complex one to implement, is that the file can be used to control the way that URLs are displayed when your visitors access your site. To do that, you will need to make sure you are using the most recent version of Apache. This makes the URL of one page appear different to visitors. This last example is – perhaps – a little too complex for most users just getting used to the .htaccess file. However, I’ve included it to show you the scope of what can be achieved with the file. Append this to your .htaccess file:

RewriteEngine on
RewriteRule ^oranges.html$ apples.html

Going Further With .htaccess

Working with the .htaccess file is a great way to learn about how your WordPress site works at a more fundamental level, and to give you a glimpse of the huge scope for customization that even a standard WP site affords you. Once you’ve mastered working with the .htaccess file by making the basic changes we’ve described above, a wealth of options opens up to you. One, as we’ve previously covered, is the ability to reset your WordPress blog

Another is that many of the ways to improve your WordPress security involve either changing the .htaccess file directly, or using the same FTP system to make changes to other root files. In other words, once you start looking into the nuts and bolts of your site, you’ll find endless possibilities for customization and improvement.

What do you think?

This site uses Akismet to reduce spam. Learn how your comment data is processed.