What are htaccess files?
Htaccess files are configuration files used in Apache web server. They are used to override the main web server configuration for a particular directory. For .htaccess files to work, the main Apache web server configuration option AllowOverride must be enabled. If the AllowOverride option is not switched on, then the .htaccess file configurations will not work and the main web server configuration will be applied. So before applying any configuration changes using .htaccess files, always check that the AllowOverride option is enabled.
WPWhiteSecurity Webmaster TIP: .htaccess file are very powerful and the slightest syntax error, such as forgetting a ‘<’ character, might break the functionality of your website. Therefore before making any changes to an existing .htaccess file always make a backup first. Once you apply the changes test your website thoroughly.
Performance Issues
When .htaccess files are used, each time someone visits your website the Apache web server must search through each and every directory within the domain and load all .htaccess files configurations. Such operation will not affect the performance of low traffic website, though the web master might notice performance degradation in high traffic websites. Therefore .htaccess files should only be used when the main web server configuration is not accessible, as in a web hosting environment. If the Apache web server configuration is accessible, all the configuration directives should be specified at server level.
Htaccess files for WordPress
Htaccess files are very common with WordPress users since they can be used to improve both the performance and also the security of a WordPress blog or website. Below is a list of WordPress tutorials on how you can use .htaccess files for securing and boosting the performance of your WordPress.
- Protect wp-config.php (WordPress configuration file) with htaccess
- Restrict access via IP address to the wp-admin directory with htaccess
- Block bad users (via ip addresses) from accessing your WordPress with htaccess
- Block bad bots from accessing your WordPress with htaccess
- Prevent image hotlinking and other media files with htaccess
- Restrict access to sensitive WordPress files with htaccess
- How to use htaccess to configure custom error pages for your WordPress
- The complete htaccess file for your WordPress
Modifying the WordPress htaccess file
When you enable Permalinks in WordPress an .htaccess file is created in the root directory of your WordPress installation. When WordPress writes to an .htaccess file it always writes the data between the BEGIN WordPress and END WordPress .htaccess file comments. As seen in the example below, these two lines start with a hash ‘#’ character, which means such lines are comments and will not affect the configuration.
# BEGIN WordPress WORDPRESS DATA # END WordPress
When updating the default WordPress .htaccess file it is important to NEVER add any configuration directives between those two comment lines. Any configuration directives between these two comments might be overwritten by WordPress.
How to create an htaccess file for WordPress
Some operating systems such as Microsoft Windows, do not allow you to create a .htaccess file. Though there are several third party text editors which run on Windows that allow you to directly save an .htaccess files. If you want to use the default Windows text editor, Notepad, then you can follow one of the below methods to create an .htaccess file on Windows.
Method 1
- Using Notepad, start typing your .htaccess file
- Once ready, save the file as a normal txt file, such as htaccess.txt
- Using an FTP client, upload the text file to the website
- Once uploaded, rename the file to .htaccess file
Method 2
- Using notepad, start typing down your .htaccess file.
- Once you are ready to save it, from the Save dialogue window select “All files” from the Save as type drop down menu which can be found at the bottom.
- Save the file as .htaccess
- Using an FTP client, upload the text file to the website
