How To Create Default .htaccess File For WordPress?

  1. What is .htaccess File?
  2. How To Create .htaccess File?
  3. Htaccess For WordPress
  4. Small intro in the manual generation of .htaccess
  5. How to customize the default .htaccess files
    1. Customizing the code of .htaccess files with snippets
    2. Let’s start with snippers for the root of your server
    3. We should not forget about snippets for .htaccess in wp-admin
    4. wp-includes has snippets too
    5. And our last topic: snippet for .htaccess in wp-content/uploads
  6. Conclusion

What is .htaccess File?

The .htaccess is a server configuration file allowing setting up the details of the website without changing the config folder. The file is present in WordPress themes along with all Apache web hosting and can be used for your web page performance, safety, and user-friendliness improve. It can be found in your WP site root directory. All you must do is to link the file to the website with the help of an FTP client so that it can be edited.

By employing .htaccess files, you will get the following features that can be either enabled or disabled on your own: server signature, URL forwarding, file caching, password security and custom mistake pages. The files mentioned above set up and operate so-called server farms where web hosting users utilize the same Apache server. Without .htaccess files, the virtual hosting indicates that every client of the similar segment should use identically the same settings.

Thus, web hosts such as GoDaddy, DreamHost, MediaTemple, etc. enable .htaccess files. When they are enabled, the web page becomes faster than any others.

How To Create .htaccess File?

Creating a.htaccess file is quite easy if you know how. It can be created using any preferable text editor or directly in cPanel. To begin, open an empty text file and save it as shown below:



In case your server does not let you do this, you may save the file named ‘htaccess.txt’ and rename it to the appropriate one when it is applied to your site. Then include the following default code in the file, save the adjustments and submit the file to your WordPress root folder with the help of FTP client:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress

Make sure that there is no gap between lines when pasting the code into the .htaccess file. The code must look like presented below:


We also recommend that you set up a website permit of 644, so it will be protected from possible assaults. To understand the purpose of this file permission, read the article .

Best Plugins For A New WordPress Site [Free EBook]

Htaccess For WordPress

Here we will cover some helpful tricks for WP that can be tried in practice.

  • Protection of your WordPress admin panel by restricting the access to preferred IP addresses. All you must do is just copy-paste the below code into your .htaccess file. XX values should be changed to your IP address or all of them if you use more than one address.
  1. AuthUserFile /dev/null
  2. AuthGroupFile /dev/null
  3. AuthName "WordPress Admin Access Control"
  4. AuthType Basic
  5. <LIMIT GET>
  6. order deny,allow
  7. deny from all
  8. # whitelist Syed's IP address
  9. allow from
  10. # whitelist David's IP address
  11. allow from
  12. </LIMIT>
  • Directory browsing disable is highly recommended. If it is enabled, attackers can easily explore your site directory and file building to find unprotected files. To continue with the disable, add ‘Options-Indexes’ line to the .htaccess file.
  • 301 redirects option is the most SEO friendly method to inform your visitors that the content has been relocated. If you do not want to waste your time, there is a quick way to apply redirects: insert the code shown below into .htaccess file.
  1. Redirect 301 /oldurl/
  2. Redirect 301 /category/television/
  • File upload size increase can be reached out by pasting the next code into the file. The code indicates the server to the values which should be used to expand file upload size along with maximum runtime in WP.
  1. php_value upload_max_filesize 64M
  2. php_value post_max_size 64M
  3. php_value max_execution_time 300
  4. php_value max_input_time 300
  • Author scans blocking is needed if force attacks take place. This is a popular procedure being used to run author scans on WordPress site and try to hack passwords for those user accounts. To block such scans just add the code shown below to .htaccess file.
  1. # BEGIN block author scans
  2. RewriteEngine On
  3. RewriteBase /
  4. RewriteCond %{QUERY_STRING} (author=\d+) [NC]
  5. RewriteRule .* - [F]
  6. # END block author scans

You may find more useful .htaccess tricks for your WordPress site with the fullest description here .

wordpress themes


We have tried to cover some of the most crucial questions referring to a successful and productive work with .htaccess files in your WP website and hope that our article has helped you understand their principles better. We will be happy if you decide to share your user experience with us in the future.

.htaccess files are config files developed to execute specific commands on Apache servers. And depending on its location it influences a website directly or some subdirectory. Obviously, the most important files stored in the root, but you can also find .htaccess files in wp-includes, wp-content/upload or wp-admin.

Small intro in the manual generation of .htaccess

Developers of WordPress Dashboard made it possible to generate such files automatically. IT is pretty easy to do. In Settings, there is a Permalinks button. Click on and after that simply save the changes you have implemented. And voila you have a WordPress default .htaccess file in a website's’ root. Moreover, there are few editors ready to help you change .htaccess file fast.

But it is wise to know the ways to edit everything manually. Including default .htaccess generation. There are two ways: you can create such a file on a computer or on a server. A text editor is the easiest way to generate such files on a PC. Let’s create a .txt file named htaccess.txt. Then open it and do the coding you required for implementing additional commands. Then copy-paste created file to the root. Just remember to change the file’s extension to .htaccess.

You need even fewer steps when you need to generate a .htaccess file directly on a server. At first, go to the directory (or subdirectory) where your .htaccess file will locate. Open the drop-down menu with RMB and create a new file with .htaccess extension. Then edit it as you wish with a Notepad++ for example.

How to customize the default .htaccess files

Here we have to make a little note. Keep in mind that manual editing and generation of .htaccess files can be risky. It can ruin your website and after that, it may take time to restore the previous version. So remember to make a few things when you work with .htaccess file.

  • Backup the current version of your WordPress project. When you mess everything up (which happens often at first attempt) it is always good to start from a checkpoint.
  • It is also a good idea to check the result of changes with a WP website clone. As a copy of your website, such a tool can show you how changes reflect on your website. Obviously, without implementing those changes directly to your original website.
  • Backup your .htaccess file too. Save it on your PC before you start editing. Most obvious tip. But it saves a lot of time to simply copy a file instead of recreating it by memory.

Customizing the code of .htaccess files with snippets

Snippets are an important part of .htaccess file editing. These reusable code parts can make your life really easy and enrich your website functional if you know how to use them.

You can find many of them online. For example, on a GitHub or CSS-tricks. So let’s check some of them out and find out what they can do with your website.

So, at first, we must find a .htaccess file. Go to the root directory and open it. If the installation was successful then you wills this code:

# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# WordPress

Now you can add new code or snippers into this default .htaccess file.

Let’s start with snippers for the root of your server.

Directory browsing disable

The default settings of the server allow you to browse the website’s directory. But it may lead to some security risks. It looks like this:

And if you want to eliminate this threat than use this code:

# Désactivate the display of contents of rédirectories
Options All -Indexes

The result will look like:

Snipper for hiding information about your server

The same risks may push you to hide information about your server. It can be done with next snipper:

 # Mask the information of server
ServerSignature Off

Time settings for the server

When your server is abroad it may have some troubles with time settings. And you can change them with:

# set the server timezone
SetEnv TZ America/Washington

And the last snipper is restricting access to your .htaccess file.

It looks like this:

# Restrict access to htaccess
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all

For some hackers, it is also possible to burn down your bandwidth by hotlinking on the image on your website. It creates risks for your website optimization, and we all know that web search algorithms prefer fast websites. It may harm your SEO function.

This snipper can help you avoid such issues:

#Stop hotlinkers in their tracks
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)? [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)? [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)? [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ – [NC,F,L]

It is also important how to ban the IP address

It is very useful if there are issues with spam commenters or some suspicious activity on your website.

#Ban Spammers and bots by blacklisting IP addresses
<Limit GET POST>
order allow,deny
deny from
deny from
deny from
deny from
deny from
allow from all

We should not forget about snippets for .htaccess in wp-admin.

It is a place where most of your customization stores. Here you write posts, do menu configurations, customize your theme and so on.

And it is obvious that you want to limit access to your website administration. In order to do so, you can list IPs that may get access to the admin area.

order deny,allow
deny from all
allow from xx.xx.xx.xx //( your static IP)
allow from xx.xx.xx.xx //( Whitelist IP)
allow from xx.xx.xx.xx //( Whitelist IP)
allow from xx.xx.xx.xx //( Whitelist IP)
allow from xx.xx.xx.xx //( Whitelist IP)
allow from xx.xx.xx.xx //( Whitelist IP)

wp-includes has snippets too.

With this snippet, you can limit direct access to files with a  .PHP extension.

<Files wp-tinymce.php>
allow Aallow from all
<FilesMatch "\.(?i:php)$">
  <IfModule !mod_authz_core.c>
      Order allow,deny
     Deny from all
  <IfModule mod_authz_core.c>
      Require all denied
<Files wp-tinymce.php>
  Allow from all

<Files ms-files.php>
  Allow from all

And our last topic: snippet for .htaccess in wp-content/uploads

This codding product allows us to use only selected files from the wp-content subdirectory. In a few words, it denies entry to stored files. In addition, it will allow you to selectively unblock various types of files.

# Disable access to all file types except the following
Order deny,allow
Deny from all
<Files ~ ".(xml|css|js|jpe?g|png|gif|pdf|docx|rtf|odf|zip|rar)$">
Allow from all

Related Posts

Useful .htaccess Snippets Collection. 15 Tricks to Take Better Control of Your Site

Guide to Keep Your WordPress Theme and Plugin Code Secure

Best Customer Service and Chat Plugins for WordPress 2020

Brand New Solution to Attract Home Customers: Real Estate Agency WordPress Theme

Don’t miss out these all-time favourites

  1. The best hosting for a WordPress website. Tap our link to get the best price on the market with 82% off. If HostPapa didn’t impress you check out other alternatives.
  2. Website Installation service - to get your template up and running within just 6 hours without hassle. No minute is wasted and the work is going.
  3. ONE Membership - to download unlimited number of WordPress themes, plugins, ppt and other products within one license. Since bigger is always better.
  4. Ready-to-Use Website service is the ultimate solution that includes full template installation & configuration, content integration, implementation of must-have plugins, security features and Extended on-page SEO optimization. A team of developers will do all the work for you.
  5. Must-Have WordPress Plugins - to get the most essential plugins for your website in one bundle. All plugins will be installed, activated and checked for proper functioning. 
  6. Finest Stock Images for Websites - to create amazing visuals. You’ll get access to to choose 15 images with unlimited topic and size selection.
  7. SSL Certificate Creation service - to get the absolute trust of your website visitors. Comodo Certificate is the most reliable https protocol that ensures users data safety against cyber attacks. 
  8. Website speed optimization service - to increase UX of your site and get a better Google PageSpeed score.


Self-taught copywriter specialized in web design, marketing, and traveling. Graduated with a degree in German and English translation. Obsessed with guides, listings, and long-read blog posts. Open for new information and strives to explore more undisclosed subjects. Social Media Accounts: Fb, Twitter, LinkedIn.

Get more to your email

Subscribe to our newsletter and access exclusive content and offers available only to MonsterPost subscribers.

From was successfully send!
Server error. Please, try again later.

Leave a Reply