You may know about the .htaccess file in a WordPress site, but did you know useful tricks that you can use to improve your WordPress site security, functionality, and for optimization. in this article we will tell you 7 Useful tricks of the .htaccess file.
What is .htaccess?
The .htaccess is a distributed configuration file and is how Apache handles configuration changes on a per-directory basis.
WordPress uses this file to manipulate how Apache serves files from its root directory and subdirectories thereof. Most notably, WP modifies this file to be able to handle pretty permalinks.
.htaccess is a configuration file for use on web servers running the Apache Web Server software. When a .htaccess file is placed in a directory which is in turn 'loaded via the Apache Web Server', then the .htaccess file is detected and executed by the Apache Web Server software. These .htaccess files can be used to alter the configuration of the Apache Web Server software to enable/disable additional functionality and features that the Apache Web Server software has to offer. These facilities include basic redirect functionality, for instance, if a 404 file not found error occurs, or for more advanced functions such as content password protection or image hot link prevention.
7 Useful Tricks of the .htaccess file.
1.Disable Access to XML-RPC File Using .htaccess
Each WordPress install comes with a file called xmlrpc.php. This file allows third-party apps to connect to your WordPress site. Most WordPress security experts advise that if you are not using any third party apps, then you should disable this feature.
There are multiple ways to do that, one of them is by adding the following code to your .htaccess file:
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
2.Increase File Upload Size in WordPress
There are different ways to increase the file upload size limit in WordPress. However, for users on shared hosting, some of these methods do not work.
One of the methods that has worked for many users is by adding following code to their .htaccess file:
php_value upload_max_filesize 64M
php_value post_max_size 64M
php_value max_execution_time 300
php_value max_input_time 300
This code simply tells your web server to use these values to increase file upload size as well as maximum execution time in WordPress.
3.Protect .htaccess From Unauthorized Access
As you have seen that there are so many things that can be done using the .htaccess file. Due to the power and control, it has on your web server, it is important to protect it from unauthorized access by hackers. Simply add following code to your .htaccess file:
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>
4.Ban Suspicious IP Addresses
Are you seeing unusually high requests to your website from a specific IP address? You can easily block those requests by blocking the IP address in your .htaccess file.
Add the following code to your .htaccess file:
<Limit GET POST>
order allow,deny
deny from xxx.xxx.xx.x
allow from all
</Limit>
Don’t forget to replace xx with the IP address you want to block.
5.Setting up 301 Redirects Through .htaccess File
Using 301 redirects is the most SEO friendly way to tell your users that a content has moved to a new location. Using the web server configuration file .htaccess, WordPress users can set up 301 redirects that are fast.
On the other hand, if you want to quickly setup redirects, then all you need to do is paste this code in your .htaccess file.
Please keep in mind that a small mistake in your .htaccess code can make your WordPress site inaccessible, and it may start showing Internal Server Error.
That’s why it is important that you backup your .htaccess file before making any changes.
To edit your .htaccess file, you will need to connect to your website using an FTP client. The .htaccess file resides in your WordPress site’s root directory.
If you can’t see your .htaccess file there, then you need to force your FTP client to show hidden files.
Redirect 301 /oldurl/ http://www.example.com/newurl
Redirect 301 /category/television/ http://www.example.com/category/tv/
6. Protect Your WordPress Configuration wp-config.php File
Probably the most important file in your WordPress website’s root directory is a wp-config.php file. It contains information about your WordPress database and how to connect to it.
To protect your wp-config.php file from unathorized access, simply add this code to your .htaccess file:
<files wp-config.php>
order allow,deny
deny from all
</files>
7. Disable Directory Browsing
Many WordPress security experts recommend disabling directory browsing. With directory browsing enabled, hackers can look into your site’s directory and file structure to find a vulnerable file.
To disable directory browsing on your website, you need to add the following line to your .htaccess file.
Options -Indexes
Now save your .htaccess file and upload it back to your server using your FTP client. That’s all you need to do. Directory browsing is now disabled on your WordPress site and people trying to locate a directory index on your website will be redirected to WordPress 404 page.
We hope you liked this article and ready to use these .htaccess trick.
What is .htaccess?
The .htaccess is a distributed configuration file and is how Apache handles configuration changes on a per-directory basis.
WordPress uses this file to manipulate how Apache serves files from its root directory and subdirectories thereof. Most notably, WP modifies this file to be able to handle pretty permalinks.
.htaccess is a configuration file for use on web servers running the Apache Web Server software. When a .htaccess file is placed in a directory which is in turn 'loaded via the Apache Web Server', then the .htaccess file is detected and executed by the Apache Web Server software. These .htaccess files can be used to alter the configuration of the Apache Web Server software to enable/disable additional functionality and features that the Apache Web Server software has to offer. These facilities include basic redirect functionality, for instance, if a 404 file not found error occurs, or for more advanced functions such as content password protection or image hot link prevention.
7 Useful Tricks of the .htaccess file.
1.Disable Access to XML-RPC File Using .htaccess
Each WordPress install comes with a file called xmlrpc.php. This file allows third-party apps to connect to your WordPress site. Most WordPress security experts advise that if you are not using any third party apps, then you should disable this feature.
There are multiple ways to do that, one of them is by adding the following code to your .htaccess file:
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
2.Increase File Upload Size in WordPress
There are different ways to increase the file upload size limit in WordPress. However, for users on shared hosting, some of these methods do not work.
One of the methods that has worked for many users is by adding following code to their .htaccess file:
php_value upload_max_filesize 64M
php_value post_max_size 64M
php_value max_execution_time 300
php_value max_input_time 300
This code simply tells your web server to use these values to increase file upload size as well as maximum execution time in WordPress.
3.Protect .htaccess From Unauthorized Access
As you have seen that there are so many things that can be done using the .htaccess file. Due to the power and control, it has on your web server, it is important to protect it from unauthorized access by hackers. Simply add following code to your .htaccess file:
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>
4.Ban Suspicious IP Addresses
Are you seeing unusually high requests to your website from a specific IP address? You can easily block those requests by blocking the IP address in your .htaccess file.
Add the following code to your .htaccess file:
<Limit GET POST>
order allow,deny
deny from xxx.xxx.xx.x
allow from all
</Limit>
Don’t forget to replace xx with the IP address you want to block.
5.Setting up 301 Redirects Through .htaccess File
Using 301 redirects is the most SEO friendly way to tell your users that a content has moved to a new location. Using the web server configuration file .htaccess, WordPress users can set up 301 redirects that are fast.
On the other hand, if you want to quickly setup redirects, then all you need to do is paste this code in your .htaccess file.
Please keep in mind that a small mistake in your .htaccess code can make your WordPress site inaccessible, and it may start showing Internal Server Error.
That’s why it is important that you backup your .htaccess file before making any changes.
To edit your .htaccess file, you will need to connect to your website using an FTP client. The .htaccess file resides in your WordPress site’s root directory.
If you can’t see your .htaccess file there, then you need to force your FTP client to show hidden files.
Redirect 301 /oldurl/ http://www.example.com/newurl
Redirect 301 /category/television/ http://www.example.com/category/tv/
6. Protect Your WordPress Configuration wp-config.php File
Probably the most important file in your WordPress website’s root directory is a wp-config.php file. It contains information about your WordPress database and how to connect to it.
To protect your wp-config.php file from unathorized access, simply add this code to your .htaccess file:
<files wp-config.php>
order allow,deny
deny from all
</files>
7. Disable Directory Browsing
Many WordPress security experts recommend disabling directory browsing. With directory browsing enabled, hackers can look into your site’s directory and file structure to find a vulnerable file.
To disable directory browsing on your website, you need to add the following line to your .htaccess file.
Options -Indexes
Now save your .htaccess file and upload it back to your server using your FTP client. That’s all you need to do. Directory browsing is now disabled on your WordPress site and people trying to locate a directory index on your website will be redirected to WordPress 404 page.
We hope you liked this article and ready to use these .htaccess trick.
![[FREE] How to Download & Activate Newsmag Premium WP Theme For Free!](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkAPT-vVJjgSHABeIM5j_o7zcwdAa9aPrU1pWeXlcwbFZ6YzToxCos8oNB0_rnEKP9Q8q3Ftg9kmwkOKKsUHc279wxk7LugO9CzaxIb9hBwXxWBW9tu0qhMqJGAbDpbwz0voixMS8Ivzs/w72-h72-p-k-no-nu/newsmag+4.png)
![[FREE] How to Download & Activate Newsmag Premium WP Theme For Free!](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkAPT-vVJjgSHABeIM5j_o7zcwdAa9aPrU1pWeXlcwbFZ6YzToxCos8oNB0_rnEKP9Q8q3Ftg9kmwkOKKsUHc279wxk7LugO9CzaxIb9hBwXxWBW9tu0qhMqJGAbDpbwz0voixMS8Ivzs/w90-h90-p-k-no-nu/newsmag+4.png "[FREE] How to Download & Activate Newsmag Premium WP Theme For Free!")
0 Comments