Comprehensive guide to WordPress .htaccess File

I’m sure you have heard about WordPress .htaccess File, but you don’t know what this file can do for you or how you can use this file. So in this guide i will explain the uses of .htaccess file for WordPress, and how you can create WordPress .htaccess file for your blog. WordPress .htaccess file plays an important role for many reasons.

wordpress .htaccess file

You can use WordPress .htaccess file for the purposes mentioned below:

  • Security settings for your blog.
  • Blog bots, spammers and threats.
  • To configure error pages.
  • To add rules for the redirection of your blog.

However, most of the Bloggers, Webmasters and Entrepreneurs are still not  aware .htaccess file and its uses. Thats why I’m going to share a basic guide on it. So, lets get started with our WordPress .htaccess file Guide.

WordPress .htaccess File Introduction

A .htaccess file is a way to configure your blog details, without server customization. It is not only use by WordPress, you can configure .htaccess file for any Apache Server. WordPress .htaccess file comes by default with WordPress but it is hidden in the root of your Server. However, sometime it is not available on your server, so you have to manually create .htaccess file and upload it to the root of your server through cPanel or FTP.

How to create .htaccess File manually?

Sometime, .htaccess file is not available by default on your server, so you have to create manually. You can create .htaccess file in text editor by following the steps below.

  1. Open up the notepad or any text editor.
  2. Save the empty file as .htaccess
  3. Upload the file to the Root of your server. You can use cPanel file manager or FileZilla FTP client to upload the file.

Or you can directly create a .htaccess file in cPanel File Manager.

  1. Login to your cPanel.
  2. Go to File Manager.
  3. Right click and click on Create New File
  4. Name the file as .htaccess

Once you create .htaccess file, paste the default code in it and save the file.  The default .htaccess code for WordPress is below:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

Uses of .htaccess File

WordPress .htaccess file can be use for many purposes as i mentioned above. So lets get into the depth of these tricks and commands you have to use while configuring .htaccess file.

»Directory Authentication:

You can set Security authentication passwords on some directories. Lets suppose you want to set a security password to your directory wp-admin. You can do it by some commands and changes in .htaccess file.

.htaccess passwords are kept in another file known as .htpasswd. Create and save that file, in a normal text editor. Use this htpasswd generator to generate a username and password. Lets suppose your username is Luqman and password is howupdates123. Then after generating it from the generator, it will be look like luqman:r3iaC0kdUic0k. Paste this generated code into .htpasswd file and save it.


You can also paste more user/pass in the next line if you want. Now you have to edit .htaccess file to configure the password to a specific directory.

AuthUserFile /usr/local/username/safedirectory/.htpasswd
AuthGroupFile /dev/null
AuthName Please Enter Password
AuthType Basic
Require valid-user

The values of above code are listed below:

  • AuthUserFile This command designates the location of .htpasswd file.
  • AuthGroupFile This command designates the location of .htgroup file.  Since we didn’t created such file so type /dev/null.
  • AuthName This command display the text in the authentication window.
  • AuthType This command designates the type of authentication. You should keep it as basic.
  • Require valid-user This command represents the two functions.
    1. It allows several peoples to access the password protected directory.
    2. Use a required username phrase to allow the permitted person.

Remember to save this .htaccess file in the same directory, which you want to secure. Just save this .htaccess file in wp-admin folder.

»Custom Error Pages:

You can create custom Error pages for your blog. There are several error pages listed below:

  • 400 Bad Request
  • 401 Authorization Required
  • 403 Forbidden Page
  • 404 File not Found
  • 500 Internal Error

To low the bounce rate and increase the user experience to your blog, you can create custom error pages using .htaccess file. 404 Error page is the most common error page. A user can have this error by putting a wrong URL or if your permalink has been changed. You can saw my custom 404 page over there.

As you can see I’m using CloudFlare Application “SmartErrors” for my Error Pages. However, you can create your 404 error page using .htaccess or you can enable SmartErrors if you are using CloudFlare CDN.

  1. Create a 404 Error Page by using Custom Error Page Generator Tool.
  2. Now go to the main .htaccess file, available in the root and add the following code into it.

    ErrorDocument 404 /404PageName.html

  3. The above code is only valid if your 404 page is reside in the root of your Server, If your 404 Error page is not in the root the use the following code in .htaccess file.

    ErrorDocument 404 /DirectoryName/404PageName.html

»Blocking Specific IPs:

You can block visitors to your blog from specific IP addresses using .htaccess file. All you have to do is to copy and paste the code below and change the IP address to the IP you want to disallow the access to your blog.

<Limit GET POST>
order allow,deny
allow from all
deny from

Just replace with the IP address you want to block and save the .htaccess file. You can paste the same code again if you want to block more IPs and done.

You can do much more by editing .htaccess file, the explanation above is just a brief overview of .htaccess file. If you still have any questions in your mind related to .htaccess, you can post them below and i will response on them as soon as possible. Do share this post with your friends on Facebook and Twitter. Subscribe for the daily Updates.

Get free Updates in your Email
About How Updates

If you like This post, you can follow HowUpdates on Twitter. Subscribe to HowUpdates feed via RSS or EMAIL to receive instant updates


  1. Luqman first time I’ve through your blog and found a great post, it is very interesting read as you have written it in step by step method which is very easy to understand and follow the instruction given by you…………… Great work dude!

  2. Good article. I am using WordPress but hardly I have knowledge on coding since WordPress is optimized in all respects. However, I like your easy and compact explanation. keep it up.

  3. Nice article. If possible write more on plugins and theme. Thanks a lot

  4. Hi M Luqman,

    I’ve always heard people talking about how powerful the htaccess file is, but never really knew what it was. Your tutorial helped me realize just how powerful it is.

    I bookmarked your site so I could come back and implement some of these techniques when I have the time. I really like the part that you can block certain IP’s. Thanks for sharing this and I hope you have a great day.

Speak Your Mind



CommentLuv badge

Copyright © 2013 How Updates. Hosted on HostGator
Sitemap | Privacy Policy | TOS