.htaccess

Last Updated:

An .htaccess file is a type of configuration file used by Apache web servers. This file is used for adding or removing functionality for a website. If the file is placed in the root directory, it will affect your entire site. But it can also be placed in a sub-folder, and thus will only impact the contents of that folder.

Common actions that can be enabled by an .htaccess file include:

  • Password protection
  • Rules for specific IP addresses
  • Custom error pages
  • URL Redirects

What is an .htaccess file?

An .htaccess file is a configuration file used exclusively on web servers that run the Apache software. On many shared hosting accounts, .htaccess files give the website owner more control over their server configuration. The same rules that can be added to an .htaccess file can also be set in the httpd main server config file. Most hosting companies do not provide root server access, so .htaccess files are necessary for making configuration changes.

How an .htaccess file works?

Every time someone requests a page on your website, a message is sent to your web server. If you are using a server running the Apache software, the software checks for the presence of an .htaccess file.

You can place .htaccess files in different directories (or folders). Apache will find, read, and execute all the rules in all .htaccess files it finds. Therefore, the presence of many of these files can slow down your site. You should only use them when it’s necessary to do so.

All of the rules in an .htaccess file placed in your site’s root directory will apply to ALL files & folders. Only add an .htaccess file in a sub-directory if you need to explicitly add or remove rules for that directory.

.htaccess & WordPress

Many WordPress hosts use the Apache software to run their servers, so .htaccess files are common in the WordPress world. The most common configuration used for WordPress sites is to handle the URLs, or what WordPress calls permalinks.

You might also see additional rules in your .htaccess file that were added by security or performance/caching plugins.

The default WordPress .htaccess file looks like this:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

This uses the mod_rewrite directive to implement a series of redirect rules to create better looking permalinks, or URLs, for all of your site’s pages.

.htaccess & WordPress Multisite

If you’re running WordPress Multisite, your .htaccess file will look a little different. Your file should be automatically updated if you follow the WordPress guidelines for enabling multisite, but I’ll include the default .htaccess files for Multisite below.

For a sub-directory multisite setup:

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-] /)?wp-admin$ $1wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^([_0-9a-zA-Z-] /)?(wp-(content|admin|includes).*) $2 [L]
RewriteRule ^([_0-9a-zA-Z-] /)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]

For a sub-domain multisite setup:

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

# add a trailing slash to /wp-admin
RewriteRule ^wp-admin$ wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^(.*\.php)$ $1 [L]
RewriteRule . index.php [L]

Can’t find your site’s .htaccess file?

That’s because many computers and web servers classify it as a hidden file. Hidden files begin with a dot (.), and are often hidden by default. This is because they should be edited with care. One small error or typo could bring down your site.

If you don’t see the file, ask your hosting company. It might even be a good idea to let them edit the file, as they are more proficient with its syntax.

You can also look for a “show hidden files” option.

Be very careful editing an .htaccess file. I recommend always making a backup of your site before making any edits. And edit the file when the least amount of people are visiting your site, just in case something goes wrong.

.htaccess Resources