ISO 9001:2015
Certified Company
  • Home
  • -
  • Blog
  • -
  • Most useful .htaccess Tricks for WordPress
  • Most useful .htaccess Tricks for WordPress


    If you are using WordPress for a while now, you are bound to come across the .htaccess file. It is a configuration file for web servers. To be more precise, it is a configuration file for web servers powered by Apache software. The .htaccess is a powerful configuration file. You can use it to enhance your site’s performance and harden its security. In this article, we will share with you our collection of most useful .htaccess tricks for WordPress.

    Gettings started

    Before you apply any of this useful .htaccess tricks for WordPress, make sure to create a backup of your .htaccess file. This will ensure that you can revert your changes if something goes wrong. Use an FTP client or your cPanel file manager. The .htaccess file is located in the WordPress root installation directory.

    If you can’t find the .htaccess file, then make sure that hidden files are visible. If you still can’t find it, then create a new text file and upload it to your root directory. Once uploaded, rename it to .htaccess and you are good to go.

    Protect .htaccess From Unauthorized Access

    The first of our most useful .htaccess tricks for WordPress is to how to protect .htaccess file itself, how obvious! As the .htaccess file is so powerful, it is best to restrict anyone from editing this file. There’ s no point doing all the hard work and letting someone else ruin it all. Add the following to your .htaccess file to stop it from getting viewed or edited.

    <Files .htaccess>
    order allow,deny
    deny from all

    Protecting WordPress Admin Area

    The admin area should only be accessible to those who actually need it. This is easily done. Just copy and paste the following code in a .htaccess file in your WordPress admin area. Replace with your IP address.

    AuthUserFile /dev/null
    AuthGroupFile /dev/null
    AuthName "WordPress Admin Access Control"
    AuthType Basic
    order deny,allow
    deny from all
    allow from xx.xx.xx.xx

    Replace xx.xx.xx.xx with your IP address. A free site like  will help you to grab your IP address. In case you want access to your admin area from multiple IP addresses, simply add another line of Allow from xx.xx.xx.xx with another IP address.

    Protect WordPress configuration wp-config.php file

    The single most important configuration file is the wp-config.php file. It stores all database authentication info. Add the following code snippet to your .htaccess file to prevent unauthorized access to the wp-config.php file.

    <Files wp-config.php>
    order deny,allow
    Deny from all

    Protect php.ini file

    Another important file the php.ini is accessible to the world. A hacker can look at your PHP configuration and exploit it. Prevent access to your php.ini  file with the following code snippet added to your .htaccess file

    <Files php.ini>
    Order deny,allow
    Deny from All

    Ban someone from your website

    If you are noticing suspicious activities from an IP address, you can ban it using the following code snippet in your .htaccess file

    order allow,deny
    deny from xx.xx.xx.xx
    allow from all

    Prevent directory content from getting displayed

    Contents of your web server should never be visible to any unauthorized person. You should always prevent directory indexing display. Add the code snippet below to your .htaceess file

    Options All -Indexes

    Disable PHP execution in WordPress wp-includes directory

    PHP Files inside the wp-includes directory are not meant to be accessed directly. Enhance security of your WordPress by disabling access to these PHP files. Create a .htaccess file inside wp-includes directory and paste the following code

    <Files *.php>
    deny from all

    Disable image hotlinking

    If you are running a huge website, with lots of images, other users might hog your bandwidth by hotlinking to your content. This can slow down your website in addition to increasing your bandwidth consumption. The following code snippet will stop other from hotlinking your content

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)? [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)? [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)? [NC]
    RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]

    Speed up your WordPress site by enabling gzip compression

    Enabling gzip compression will force the server to compress the contents before sending them to the user. This will considerably speed up your website loading time. Add the following to your .htaccess file

    <IfModule mod_deflate.c>
    <IfModule mod_mime.c>
    AddOutputFilter DEFLATE js css htm html xml

    Search engine friendly redirects for your WordPress site

    This is one of the most useful .htaccess tricks. 301 redirects are SEO friendly and ensure that both users and search engines are safely redirected to the new location.

    Redirect 301 /oldurl/

    That’s all for our collection of most useful .htaccess tricks for WordPress. We hope you found something useful. Check out our blog for more useful tips and articles.

    Discover how we can help your business grow
    Schedule a 15 Min Consultation
    Talk with an expert on our team start in 2 simple steps
    • 1.
      Fill the form
    • 2.
      Choose a date & time
    Start Here
    • Pick a date & time of your choice.
    • No obligation. Cancel anytime.
    • Confidentiality guaranteed.
    • Get real solutions.