thewpstarter.com .htaccess

.htaccess Distributed configuration files (DCFs) provide a way to make configuration changes on a per-directory basis. A file containing one or more configuration directives is placed in a specific document directory, and the directives apply to that directory and all its subdirectories.

In general, .htaccess files follow the same syntax as the main configuration file. The AllowOverride directive determines what you can put in these files. This directive defines, in categories, which directives will be honored if they appear in a .htaccess file. If a directive is authorized in a .htaccess file, the directive’s documentation will include an Override section that specifies what value must be in AllowOverride for that directive to be allowed.

WordPress beginner frequently focus on developing compelling content, but they may neglect the necessity of SEO-friendly URLs. The .htaccess file allows users to alter the permalink structure, which improves the site’s search engine optimization (SEO) performance. By including keywords in the URL structure, you may increase the visibility of your content and attract more people to your WordPress site.

Security Recommendations for WordPress Beginners

When it comes to operating a WordPress website, security comes first. The .htaccess file can be used to implement a variety of security measures, protecting your website from possible dangers. .htaccess allows beginners to fortify their website’s defenses without having to learn complicated coding.

Basic WordPress htaccess code

# BEGIN WordPress 

RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

Multisite htaccess

# BEGIN WordPress - Multisite
# Using subfolder network type: https://wordpress.org/documentation/article/htaccess/#multisite

RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]

# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]

# END WordPress Multisite
  • Protect your wp-config.php (htaccess):
<files wp-config.php>
  order allow,deny
  deny from all
</files>
  • Secure your wp-includes folder:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
  • Protect the .htaccess
<files ~ "^.*\.([Hh][Tt][Aa])">
  order allow,deny
  deny from all
  satisfy all
</files>
  • Disable hotlinking Note: Change the yourdomain.com part.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www.\.)?yourdomain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
  • Restrict Access Using the .htaccess File
<Files wp-login.php>
order deny, allow
deny from all
allow from xxx.xxx.xxx.xxx
</Files>

Enabling and Disabling Features

WordPress plugins are great tools, yet you may want to disable particular functions for specific reasons. Beginners can use .htaccess to selectively enable or disable elements, giving them more customization options than the WordPress interface. This versatility enables users to modify their websites to unique requirements without relying entirely on plugins.

# Disable WordPress REST API
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteRule ^wp-json/(.*)$ /index.php [R=301,L]
</IfModule>

Handling Server Redirects

Redirects are vital for providing a consistent user experience and managing changes to your site’s structure. .htaccess simplifies the process for WordPress newcomers, allowing them to easily configure redirects. Understanding how to use .htaccess for redirects will save time and provide a smooth transition for your audience, whether you’re redesigning your site or dealing with broken links.

# Disable WordPress REST API
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteRule ^wp-json/(.*)$ /index.php [R=301,L]
</IfModule>

Leave a Reply

Your email address will not be published. Required fields are marked *

11 + 1 =

Web.com Site Builder Coral Draw - thewpstarter
You May Also Like

A guide for beginners on starting a WordPress blog in 2024

Table of Contents Hide A guide for beginners on starting a WordPress…

Getting Started with WordPress: A Beginner’s Guide #1

Table of Contents Hide Introduction:Section 1: Getting Started with WordPress: Choosing WordPress…

Revolutionize Your Online Store: Can WordPress Be Used for Ecommerce?

Table of Contents Hide Can WordPress be used for ecommerce?WooCommerce: Themes for…

A guide for beginners to get started using Elementor in WordPress: What is Elementor WordPress?

Table of Contents Hide Elementor WordPress Feature:Drag-and-Drop Editor: Widgets and Elements: OVER…