QUICK TIP - Most Useful .htaccess Tricks for WordPress

0 543,889
Most Useful .htaccess Tricks for WordPress | A&H Business Technology
Related posts

An easier way to improve your WordPress security is by disabling PHP execution for some WordPress directories.

You will need to create a blank .htaccess file on your computer and then paste the following code inside it.

<Files *.php>
deny from all

Save the file and then upload it to your /wp-content/uploads/ and /wp-includes/ directories.

5. Protect Your WordPress Configuration wp-config.php File

Probably the most important file in your WordPress website’s root directory is wp-config.php file. It contains information about your WordPress database and how to connect to it.

To protect your wp-config.php file from unathorized access, simply add this code to your .htaccess file:

<files wp-config.php>
order allow,deny
deny from all


6. Setting up 301 Redirects Through .htaccess File

Using 301 redirects is the most SEO friendly way to tell your users that a content has moved to a new location.

On the other hand, if you want to quickly setup redirects, then all you need to do is paste this code in your .htaccess file.

Redirect 301 /oldurl/ http://www.example.com/newurl
Redirect 301 /category/television/ http://www.example.com/category/tv/


7. Ban Suspicious IP Addresses

Are you seeing unusually high requests to your website from a specific IP address? You can easily block those requests by blocking the IP address in your .htaccess file.

Add the following code to your .htaccess file:

<Limit GET POST>
order allow,deny
deny from xxx.xxx.xx.x
allow from all

Don’t forget to replace xx with the IP address you want to block.

8. Disable Image Hotlinking in WordPress Using .htaccess

Other websites directly hotlinking images from your site can make your WordPress site slow and exceed your bandwidth limit. This isn’t a big issue for most smaller websites. However, if you run a popular website or a website with lots of photos, then this could become a serious concern.

You can prevent image hotlinking by adding this code to your .htaccess file:

#disable hotlinking of images with forbidden or custom image option
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?wpbeginner.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ – [NC,F,L]

This code only allows images to be displayed if the request is originating from wpbeginner.com or Google.com. Don’t forget to replace wpbeginner.com with your own domain name.

For more ways to protect your images see our guide on ways to prevent image theft in WordPress.

9. Protect .htaccess From Unauthorized Access

As you have seen that there are so many things that can be done using the .htaccess file. Due to the power and control it has on your web server, it is important to protect it from unauthorized access by hackers. Simply add following code to your .htaccess file:

<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all


10. Increase File Upload Size in WordPress

There are different ways to increase the file upload size limit in WordPress. However, for users on shared hosting some of these methods do not work.

One of the methods that has worked for many users is by adding following code to their .htaccess file:

php_value upload_max_filesize 64M
php_value post_max_size 64M
php_value max_execution_time 300
php_value max_input_time 300

This code simply tells your web server to use these values to increase file upload size as well as maximum execution time in WordPress.

11. Disable Access to XML-RPC File Using .htaccess

Each WordPress install comes with a file called xmlrpc.php. This file allows third-party apps to connect to your WordPress site. Most WordPress security experts advise that if you are not using any third party apps, then you should disable this feature.

There are multiple ways to do that, one of them is by adding the following code to your .htaccess file:

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all


12. Blocking Author Scans in WordPress

A common technique used in brute force attacks is to run author scans on a WordPress site and then attempt to crack passwords for those usernames.

You can block such scans by adding the following code to your .htaccess file:

# BEGIN block author scans
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} (author=\d+) [NC]
RewriteRule .* - [F]
# END block author scans


We hope this article helped you learn the most useful .htaccess tricks for WordPress. You may also want to see our ultimate step by step WordPress security guide for beginners.


TinyURL for this post: https://tinyurl.com/y6fmxnt5

Sorry, The Comment Form Is Temporarily Closed At This Time
You may also like

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More