Using The .htaccess File Correctly With WordPress

You’ve probably heard of the infamous .htaccess file before! This is a file that influences what happens on your web server. Strictly speaking, the file applies to the folder in which it is located – including all sub-folders.

In many cases, you have access to it yourself. Some hosting providers do not grant it, but this is becoming increasingly rare.

Take the right precautions.

If you don’t have one yet, it’s easy to create. Open a new file in a text editor and name it .htaccess. Make sure there is no file extension. And you’re done!

Below you will get some tips and code snippets on what should be included in your .htaccess. As always, however: make a backup beforehand! If the file causes display or accessibility problems, you only have to delete it or correct the faulty parts. But safety comes first.

Important entries in your .htaccess file

Let’s get to the basics first.

WordPress usually creates a .htaccess itself because it needs the following rule to work properly:

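# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress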

However, if you can’t find the file yet and are therefore creating one yourself, it’s best to add this section at the very beginning.

Ensure security – use these code snippets

Of course, you want only “invited guests” to have access to your backend. The safest option is access protection that you define with a few directives in your .htaccess file. It reads as follows:

# wp-admin protection beginning
order deny,allow
deny from all
allow from IPAdresse1
allow from IPAdresse2
# wp-admin protection end

You do something similar for your wp-config.php by adding the following section:

# wp-config protection beginning
<files wp-config.php>
order allow,deny
deny from all
</files>
# wp-config protection end

This ensures that nobody (except you, since you have FTP access) can access the file. We now do the same with the .htaccess itself so that you have all-round protection. For this you need this code:

#htaccess protection beginning
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>
#htaccess protection end
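
The three rules above use the Apache 2.2 Order/Allow/Deny syntax, which Apache 2.4 only accepts when mod_access_compat is loaded. The following is an added example, not code from the original article: it shows the same protections in the 2.4 Require syntax with a 2.2 fallback. The IP addresses are documentation-range placeholders, and the admin-ajax.php exception is an assumption for sites whose public pages call that file.

```apache
# ---------- /.htaccess (site root) ----------
# Block web access to wp-config.php and to every file whose name
# starts with .ht (.htaccess, and also .htpasswd).
<FilesMatch "^(wp-config\.php|\.[Hh][Tt].*)$">
    <IfModule mod_authz_core.c>
        # Apache 2.4 and later
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# ---------- /wp-admin/.htaccess ----------
# A .htaccess applies to its own folder and all sub-folders, so the
# IP allow-list belongs in wp-admin; in the site root it would lock
# every visitor out of the whole site.
<IfModule mod_authz_core.c>
    # Placeholder addresses (RFC 5737 documentation ranges)
    Require ip 203.0.113.10 198.51.100.0/24
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    Allow from 203.0.113.10
    Allow from 198.51.100.0/24
</IfModule>

# Assumption: themes or plugins call admin-ajax.php from the public
# front end, so this one file stays reachable for all visitors.
<Files "admin-ajax.php">
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Allow from all
    </IfModule>
</Files>
```

After uploading, request /wp-config.php and /.htaccess in a browser and confirm both answer with 403 Forbidden; the login form wp-login.php sits in the site root and is not covered by the wp-admin rule.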

Improve loading time with cache & compression

You surely know by now why a fast loading time is so important for your website. If you use a cache plugin, the corresponding directives are usually written into your .htaccess. You can also do this manually.

In the code below, you will find self-explanatory entries for individual file types that expire after either a month or a year.

You can, of course, adjust this individually, but the period should not be too short. Plan for at least four weeks, i.e. a month, so as not to hurt the loading speed too much.

# Activate browser caching
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 2 days"

Next, there is compression. When you run a speed test with the Google Developers Tool, this will be suggested as one of the possible measures.

This requires the following code:

# GZIP compression
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
</IfModule>
# GZIP end

Redirects in the event of changed URLs

Sometimes you change the address of a blog article, for example because you carry out subsequent OnPage optimizations or you simply noticed a typo afterwards.

There are plugins for WordPress that do automatic 301 redirects. However, they always look for a link text that is as similar as possible to the previous one. Depending on what the new variant looks like, the error rate can increase accordingly.

If there are not too many redirects, a manual entry in the .htaccess file is recommended. It can look like this, for example:

# 301 redirects

Redirect 301 /alteseite.html

Redirect 301 /

Since there are quite a few different variations, it’s best to take a look at the code templates from this website. That is exactly what it specializes in.

A nice gimmick: block image hotlinking

It’s pretty annoying when other website owners just use your images. It is even worse if the images are not even uploaded to their server, but simply copied in. This is called a hotlink. This is not only cheeky; it also automatically eats into your traffic. In times of flat rates, this is no longer a problem, but it’s just about the principle.

With the following code you make sure that the URL is copied instead of the picture:

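# Hotlink block
# Append your own domain after (www\.)? in the second condition;
# requests referred from it are then let through and all other
# referers are redirected.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)? [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ http://deinbild.jpg [NC,R,L]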

How much is allowed in a .htaccess?

Basically, you can add as many sections of code as you need. The more there is, the more important it is to have a clean structure. Always use hash signs (#) for comments so that you can quickly identify the commands if necessary.