How to Create & Edit the Default WordPress .htaccess File

The importance of the .htaccess file in modifying the core functionality, improving security, implementing redirects, and configuring a WordPress website cannot be overstated. In this article, we will discuss the process of locating, creating, and editing the .htaccess file, while also highlighting important precautions to ensure the smooth functioning of your website.

What is the .htaccess file?

The .htaccess file serves as a configuration file that controls a website’s behavior on a per-directory basis. It acts as the control room for your WordPress website, allowing you to modify various functionalities and settings without altering the core code. It empowers you to manage your site’s behavior, security protocols, redirects, and performance optimization.

While a general website may not require a .htaccess file, it becomes essential for content management systems like WordPress, which rely on dynamic functionality. Consequently, locating and editing the .htaccess file becomes crucial for customizing your website’s functionality.

Precautions while working with the Default WordPress .htaccess file

As the .htaccess file determines the functionality of your entire website, it is crucial to approach it with caution. Before making any changes or modifications, it is essential to take the following precautionary steps:

Take a backup of the original file: Before modifying the .htaccess file, create a backup copy of the original. This backup will enable you to restore the file if any issues arise during or after the editing process.
Use correct syntax: The .htaccess file is sensitive to syntax errors, so it is important to ensure that you use the correct syntax when making changes. Even a small typo can render the file invalid and result in errors on your website.
Avoid deleting unfamiliar codes: The default WordPress .htaccess file contains important code that is necessary for the proper functioning of your website. Unless you have a thorough understanding of the code and its implications, avoid deleting any of it.
Test your changes: After making changes to the .htaccess file, thoroughly test your website to ensure that everything is still functioning correctly. Test different pages and functions to ensure that no issues have been introduced.
Prioritize security: While the .htaccess file can enhance your website’s security, it can also pose a risk if handled incorrectly. Be mindful of potential security holes that may arise from improper changes to the file.

Consult with an expert if unsure: If you are unsure about making changes to the .htaccess file or if you have concerns about the potential impact, it is advisable to consult with an expert. A WordPress developer or your hosting provider’s support team can provide valuable guidance.
Keep a log of changes: It is a good practice to maintain a log of changes made to your .htaccess file. This log will prove useful if you need to revert any actions in the future. Utilizing a version control system like Git can simplify this process.

How to Locate the Default WordPress .htaccess File

Now that you are aware of the precautions to take, let’s explore the methods for locating the .htaccess file, creating backups, and editing it if necessary.

Method 1: Locating the .htaccess file with cPanel

Using cPanel, you can easily locate the .htaccess file. Here’s how:

Log in to your website’s cPanel account. Access the cPanel either through your website’s URL followed by “/cpanel” or via your hosting provider’s control panel.
Scroll down to the “Files” section in the cPanel dashboard and click on “File Manager.” This action will open the File Manager.
Select the “public_html” folder and navigate to the root directory of your WordPress installation.
Look for the .htaccess file in the root directory. If it is not visible, ensure that the option to show hidden files and folders is enabled. In the top right corner of the File Manager, click on the “Settings” button, and check the box next to “Show Hidden Files (dot files).”

Method 2: Locating the .htaccess file with an FTP client

An FTP client software program allows you to locate the .htaccess file through a different method. Here’s how:

Download and install an FTP client software like FileZilla, Cyberduck, or WinSCP.
Configure the FTP client by entering the host, port, login type, username, and password. Obtain these details from your web server’s control panel.
Open your FTP client and navigate to the root directory of your WordPress installation. This is typically the “public_html” folder or a folder with your website’s name.
Look for the .htaccess file in the directory. If it is not visible, ensure that the option to show hidden files and folders is enabled in your FTP client.

Creating a Default WordPress .htaccess File: A Step-by-Step Guide

In certain cases, you may need to create the .htaccess file if it is not present. There are two methods to accomplish this:

Method 1: Creating the .htaccess file

To create the default .htaccess file within the root directory, follow these steps:

Navigate to the root directory using the methods mentioned above.
Click on the “+File” button to add/create a new file within the root folder.
Name the file “.htaccess” and press enter to open a text editing field.
In the text field, copy and paste the following code:

# BEGIN WordPress

<IfModule mod_rewrite.c>

RewriteEngine On

RewriteBase /

RewriteRule ^index\.php$ – [L]

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule . /index.php [L]


# END WordPress


Save the file, and you will have your default .htaccess file.

Method 2: Generating the .htaccess file

If you prefer generating the .htaccess file, follow these steps:

Gather all the necessary details about your domain and hosting from your hosting provider.
Use an online .htaccess generator tool such as htaccessredirect.
Input the required data and click “generate” to create the .htaccess file.
After creating the .htaccess file, upload it to the root directory of your website using either an FTP client or your web host’s file manager.

How to Edit the Default WordPress .htaccess File

Editing the default WordPress .htaccess file becomes necessary in certain cases, such as altering functionality or implementing redirects. Here are the steps to do it:

Editing the .htaccess file on WordPress

If you want to reset the .htaccess file to its default state, follow these steps:

Log in to your WordPress dashboard and navigate to Settings > Permalinks.
Scroll down to the “Permalink Settings” section and click on the “Save Changes” button. This action will regenerate the .htaccess file with the default WordPress rewrite rules.
Editing the .htaccess File for Customizations

When making custom changes to the .htaccess file, you have three options:

Using an FTP client: Open the .htaccess file in a plain text editor, such as Notepad++, and make the necessary changes. Avoid modifying any existing rules that are essential for your website’s functioning.
Using the built-in file editor in your hosting control panel: Access the file editor provided by your hosting control panel and open the .htaccess file. Make the required changes, ensuring you do not modify any critical rules.
Using a plugin like “WP File Manager”: Install and activate a suitable plugin that provides a file manager functionality. Navigate to the .htaccess file and edit it using the plugin’s interface.
Regardless of the method you choose, remember to save the file or upload it back to the server, depending on the editing method used. Afterward, verify that your website is functioning correctly and that your changes have been implemented as intended.

How to Take a Backup of the .htaccess File

Before modifying or editing the main .htaccess file, it is essential to create a backup. Here’s how you can do it:

Locate the .htaccess file using the methods described earlier.
Right-click on the .htaccess file and select “Copy” from the context menu.
Choose a destination folder where you want to save the backup file. Click on the “Copy File(s)” button to create a copy of the .htaccess file.
To easily identify and track the backup file, consider renaming it to something like “htaccess_backup_date.”
Once the backup file is created, you can either download it to your local computer or keep it in the directory for safekeeping.
Common .htaccess Code Snippets

While editing the .htaccess file, you may come across various code snippets for different purposes. Here are ten common code snippets:

Redirect all traffic to HTTPS:
vbnetCopy code

RewriteEngine on RewriteCond %{HTTPS} !on RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} # Note: Enabling HTTP Strict Transport Security (HSTS) is recommended for HTTPS websites to prevent man-in-the-middle attacks. See <IfModule mod_headers.c> # Remove “includeSubDomains” if you don’t want to enforce HSTS on all subdomains Header always set Strict-Transport-Security “max-age=31536000;includeSubDomains” </IfModule>

Redirect a single page:
bashCopy code

Redirect 301 /oldpage.html Redirect 301 /oldpage2.html

Redirect an entire site:
arduinoCopy code

Redirect 301 /

Exclude URL from redirection:
cssCopy code

RewriteEngine On RewriteRule ^robots.txt – [L]

Block access to the wp-config.php file:
cssCopy code

<Files wp-config.php> Order allow,deny Deny from all </Files>

Protecting your site from hotlinking:
rubyCopy code

RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)? [NC] RewriteRule \.(jpg|jpeg|png|gif)$ – [NC,F,L]

Custom error pages:
bashCopy code

ErrorDocument 500 “Houston, we have a problem.” ErrorDocument 401 ErrorDocument 404 /errors/halflife3.html

Auto UTF-8 Encode:

# Use UTF-8 encoding for anything served text/plain or text/html

AddDefaultCharset utf-8


# Force UTF-8 for a number of file formats

AddCharset utf-8 .atom .css .js .json .rss .vtt .xml


Block spammers and bots:

# Blocks spammers and bots

<Limit GET POST>

Order Allow,Deny

Deny from

Deny from yy.yy.yy.yyy


Allow from all


Send visitors to a maintenance page:


# Redirects to maintenance page

<IfModule mod_rewrite.c>

RewriteEngine on

RewriteCond %{REMOTE_ADDR} !^123\.456\.789\.000

RewriteCond %{REQUEST_URI} !/maintenance.html$ [NC]

RewriteCond %{REQUEST_URI} !\.(jpe?g?|png|gif) [NC]

RewriteRule .* /maintenance.html [R=503,L]


# Redirects to maintenance page

<IfModule mod_rewrite.c>

RewriteEngine on

RewriteCond %{REMOTE_ADDR} !^123\.456\.789\.000

RewriteCond %{REQUEST_URI} !/maintenance.html$ [NC]

RewriteCond %{REQUEST_URI} !\.(jpe?g?|png|gif) [NC]

RewriteRule .* /maintenance.html [R=503,L]


Best Practices for Editing the Default WordPress .htaccess File

When editing the default WordPress .htaccess file, it is crucial to follow these best practices to ensure the safety and functionality of your website:

    1. Understand the impact of incorrect .htaccess codes: Incorrect codes can break your website, render it inaccessible, or harm its search engine ranking. Avoid editing the .htaccess code if you lack sufficient knowledge.
    2. Know the .htaccess file structure: Familiarize yourself with the structure of the .htaccess file, including header comments and code blocks targeting specific functionalities. Make changes accordingly.
    3. Test the .htaccess file after making changes: Thoroughly test your modified .htaccess file to ensure it works as intended. Check website functionality, accessibility, and page load times. Tools like Google Search Console, SEMrush, or Serpstat can assist in testing SEO aspects.
    4. Remove unnecessary codes: To optimize your site’s performance, remove any unused rules from the .htaccess file, keeping only the necessary ones.
    5. Take regular backups: Always back up the original .htaccess file before making any changes. This will allow you to revert to the original file if issues arise during the editing process.
    6. Use a suitable text editor: Use a text editor specifically designed for editing .htaccess files, such as Notepad++ or Sublime Text. Avoid using word processors like Microsoft Word or Google Docs, as they may introduce formatting or hidden characters that could cause issues.
    7. Keep the .htaccess file clean: Remove any unused or unnecessary rules from the .htaccess file to improve performance and reduce the risk of errors.
    8. Use proper syntax: Ensure that you use proper syntax and formatting when adding new code to the .htaccess file. Incorrect syntax can result in errors or prevent the file from functioning correctly.
    9. Document your changes: Add comments to document any changes made to the .htaccess file. This will aid you and other developers in understanding the purpose of each rule or configuration.


Working with the .htaccess file can be an exciting endeavor when you have the necessary knowledge. It empowers you to go the extra mile in terms of website functionality and security. However, it is crucial to approach it with caution and avoid making changes unless you are confident in your understanding.

Remember to prioritize security configurations, such as preventing hotlinking or blocking malicious requests, to safeguard your website. By following best practices, taking backups, and testing changes, you can ensure a smooth and successful experience with the .htaccess file.

Leave a Comment

Your email address will not be published. Required fields are marked *