7 .htaccess Rules That Every WordPress User Should Know

If you are hosting your site on an Apache server, you will come across the Hypertext Access file or “.htaccess” for short. This file allows you to create rules and control file and folder access in the root and subdirectories. In fact, if you open the .htaccess file located in the WordPress root directory, you will see a code snippet related to WordPress permalink settings. However, you can do so much more with this file. Here are seven of the best .htaccess rules that every WordPress user should know and implement.

1. Unless otherwise stated, all the code snippets shared below should be added to the .htaccess file located in the root directory of your website.

2. Before making any changes, make sure that you have a good backup of the file so that you can restore it if anything goes wrong.

Disabling directory browsing is one of the first things you should do when you install WordPress. If directory browsing is enabled, it exposes your directories and lets any site visitor browse through them. Though some web hosts disable it by default, most of them leave it enabled. To disable directory browsing, all you have to do is add the following code in your .htaccess file.

#Disable directory browsing
#Only the Indexes option is switched off; Apache 2.4 rejects a line that mixes signed and unsigned options
Options -Indexes


There are many plugins for WordPress that let you redirect URLs however you want. But if you are looking to redirect just a couple of URLs, then you don’t have to use a dedicated plugin; all you have to do is use a code snippet like the one below. Don’t forget to replace the URLs according to your needs.

#Create 301 redirects
Redirect 301 /oldpage.html http://example.com/newpage.html

Using .htaccess files, you can also enable browser caching which allows your website to load faster for returning visitors. To enable browser caching, all you have to do is add the below code snippet to your .htaccess file.

#Enable browser caching
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 2 days"
</IfModule>

If you are doing some quick maintenance on your website or if your website is broken for some reason, then using a fancy maintenance plugin may not be a good choice. In those situations, create an HTML page with a simple maintenance message, upload it to your root directory and use the code snippet below to redirect your site visitors to the maintenance page. Don’t forget to replace “maintenance.html” with whatever file name you’ve chosen.

#Enable maintenance mode
RewriteEngine on
#Do not redirect the maintenance page itself
RewriteCond %{REQUEST_URI} !/maintenance\.html$
#Requests from this IP address (replace it with your own) skip the redirect
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$
RewriteRule $ /maintenance.html [R=302,L]


If you are the only user on your WordPress site, then preventing others from accessing your admin area can help you increase your site security. To restrict others from accessing the admin area, simply use the code snippet below. Replace the placeholder with your actual IP address. As you can see, you can also add multiple IP addresses if you want.

#Restrict wp-login.php
#Order/Allow/Deny is Apache 2.2 syntax; Apache 2.4 supports it through mod_access_compat
<Files wp-login.php>
Order Deny,Allow
Deny from All
Allow from xxx.xxx.x.x
Allow from xxx.xxx.x.x
</Files>


If you are seeing a lot of suspicious activity from a particular IP address, then you can easily ban it using the .htaccess rules. All you have to do is add the below rule while replacing the IP address with the actual suspicious IP address.

#Ban suspicious IP addresses
<Limit GET POST>
order allow,deny
deny from xxx.xxx.x.x
deny from xxx.xxx.x.x
allow from all
</Limit>
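
How the two Order settings in the wp-login and ban snippets above decide a request, shown as an added example that is not from the original article: a small Python model of Apache 2.2-style Order/Allow/Deny evaluation. The function names, the rule sets and the documentation-range IP addresses are constructed for illustration, and only `all`, full addresses and CIDR ranges are handled.

```python
import ipaddress

def _matches(ip, specs):
    """True if ip is covered by any spec: 'all', a full address, or a CIDR range."""
    addr = ipaddress.ip_address(ip)
    return any(
        spec.lower() == "all" or addr in ipaddress.ip_network(spec, strict=False)
        for spec in specs
    )

def is_allowed(ip, order, allow=(), deny=()):
    """Model Apache 2.2-style Order/Allow/Deny for one client IP."""
    order = order.lower()
    if order not in ("deny,allow", "allow,deny"):
        # Apache also rejects "Deny, Allow": Order takes exactly one argument.
        raise ValueError("unsupported Order value: %r" % order)
    allowed, denied = _matches(ip, allow), _matches(ip, deny)
    if order == "deny,allow":
        # Deny is evaluated first and Allow overrides it; no match means allowed.
        return allowed or not denied
    # Allow is evaluated first and Deny overrides it; no match means denied.
    return allowed and not denied

# Constructed rule sets mirroring the two snippets (documentation-range IPs).
WP_LOGIN = dict(order="Deny,Allow", deny=["All"],
                allow=["203.0.113.10", "198.51.100.0/24"])
BAN_LIST = dict(order="Allow,Deny", allow=["all"],
                deny=["192.0.2.66", "192.0.2.77"])

if __name__ == "__main__":
    for ip in ("203.0.113.10", "198.51.100.7", "192.0.2.66", "203.0.113.99"):
        print(ip, "wp-login:", is_allowed(ip, **WP_LOGIN),
              "site:", is_allowed(ip, **BAN_LIST))
    # Same ban list under the wrong Order: "allow from all" overrides the deny.
    print(is_allowed("192.0.2.66", order="Deny,Allow",
                     allow=["all"], deny=["192.0.2.66"]))
```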

Since you can do so much with your .htaccess file, it is important that you protect the file from any and all unauthorized users. To do that, simply add the below code snippet.

#Protect htaccess file
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>

There are many more things you can add to your .htaccess file, but the seven mentioned above should suffice for now. Do comment below sharing your favorite .htaccess rules and tips.
