What Is WordPress htaccess? [+ How to Use and Edit It]

Download Now: Free WordPress Website Guide + Checklist
Anna Fitzgerald
Anna Fitzgerald


WordPress offers non-technical users numerous website creation and management advantages, including the ability to achieve various tasks without modifying core files.

site owner locating and accessing wordpress .htaccess file

Download Now: How to Launch a WordPress Website  [Free Guide + Checklist]

However, certain tasks like implementing redirects or enabling HTTPS require editing the WordPress core file known as .htaccess. With .htaccess, you can configure specific settings for your site easily.

Use the following jump links to navigate all you need to know about .htaccess:

If you'd rather follow along with a video, check out this walkthrough from Fix Runner:

Let’s get started with a brief overview of what .htaccess is and why it matters in WordPress.

More specifically, the .htaccess file name provides commands for controlling and configuring the Apache web server where your site is hosted. This server hosts hundreds or thousands of other sites as well on what are termed “server farms.” These farms are set up and run by web hosting providers. Without .htaccess, every site owner on the same Apache web server would have to use the same settings for their site. Thankfully, almost every hosting provider allows .htaccess.

With this file, you can set up redirects, force SSL, block IP addresses, deny access to sensitive files, send custom HTTP responses to certain requests, prevent hotlinking, and configure other settings required for your unique site.

Below, we’ll cover where this powerful file is located, how to create and edit it, and more.

WordPress htaccess location

The WordPress .htaccess file is located in the root directory of your WordPress site. Depending on your hosting provider, the root directory may be a folder labelled public_html, www, htdocs, or httpdocs. You can locate it by using File Manager in your hosting account’s cpanel. Let’s walk through the process step-by-step.

Log in to your hosting account’s control panel.

  1. Open the File Manager.
  2. In the navigation menu on the lefthand side of your screen, click on the public_html folder.  
  3. Open the folder labeled “wordpress.”  
  4. Look for the .htaccess file.
  5. If you don’t see the folder, then go to Settings.Click Settings button in cPanel to show hidden default htaccess file in WordPress

    Image Source

  6. A window labeled “Preferences” should appear.
  7. Select the box labeled “Show Hidden Files.”Check box labelled "Show Hidden Files" in cPanel to show default htaccess file in WordPress

    Image Source

You should now be able to see the .htaccess file.

If you still can’t see the .htaccess file, then it’s possible it doesn’t exist. Don’t worry — you can create one in a few easy steps. Let’s walk through the process in the next section.

Default WordPress htaccess

WordPress should automatically create an .htaccess file for you — but sometimes it is unable to because of an issue with file permissions. In that case, follow the steps below.

    1. Log into your WordPress dashboard and go to Settings > Permalinks.
      Click Settings > Permalinks in WordPress dashboard to make WordPress create default htaccess file
    2. Without changing anything, scroll to the bottom and click Save Changes.
    3. WordPress will now try to generate an .htaccess file. If it can’t, you’ll see an error message saying “.htaccess file is not writeable” at the bottom of the page.
    4. You will need to manually create the .htaccess file. Start by logging in to your hosting account’s control panel.
    5. Open the File Manager.
      Click File Manager icon in cpanel to begin process of creating default wordpress htaccess file

      Image Source

    6. In the navigation menu on the lefthand side of your screen, click on the public_html folder.
    7. Click the +File icon in the toolbar at the top of your screen.
      Click +File icon in cpanel to create default wordpress htaccess file

      Image Source

    8. Type in “.htaccess” into the New File Name input field.
    9. Click Create New File.
    10. Right-click the newly created file to edit it.
    11. Add the following code.
      # BEGIN WordPress

      RewriteEngine On
      RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
      RewriteBase /
      RewriteRule ^index\.php$ - [L]
      RewriteCond %{REQUEST_FILENAME} !-f
      RewriteCond %{REQUEST_FILENAME} !-d
      RewriteRule . /index.php [L]

      # END WordPress
    12. Save and close the file.

Now that you know how to create a default .htaccess file for your WordPress site if it doesn’t exist already, you’re ready to edit it. Let’s look at how below.

Edit htaccess WordPress

Editing the .htaccess file — or any core WordPress file — is risky. You could end up deleting code you shouldn’t, adding incorrect code, or making another mistake that breaks your site.

To mitigate the risks, you should take at least one of the precautionary steps below before making direct edits to the htaccess file.

  • Backup your WordPress site so you can restore an earlier version if you make a mistake.
  • Use a staging site to test your edits before pushing them live on your public-facing site.
  • Create a backup .htaccess file and download it to your computer. That way, if your edits in the default .htaccess file cause any problems, you can upload the backup file.

Once you’ve completed at least one of the steps above, you’re ready to edit. There is more than one way to edit the .htaccess file in WordPress. Let’s go over how to do so manually and using a WordPress plugin.

Edit htaccess WordPress Using cPanel

If you’d rather not add another plugin to your WordPress site, then you can use cPanel in your hosting account. If you opt for this method, you’ll have to complete at least one of the precautionary steps outlined above yourself.

Here are the steps for editing the .htaccess file in WordPress using cPanel.

  1. Log in to your hosting account’s control panel.
  2. Open the File Manager.
  3. In the navigation menu on the lefthand side of your screen, click on the public_html folder.
  4. Open the folder labeled “wordpress.”  
    Click folder labelled WordPress in cPanel to find and edit htaccess

    Image Source

  5. Find the .htaccess file and right-click to edit it.
  6. Add any code before the line that reads # BEGIN WordPress.

Edit htaccess WordPress Using a Plugin

If you’d like to automate some of the prep work before editing your .htaccess file, you can use a plugin like Htaccess File Editor. Htaccess File Editor allows you to test edits before saving and automatically backup and restore the default version of your htaccess file. That makes it a must-have WordPress plugin for beginners trying to edit this special configuration file.

Below is the process for editing htaccess in WordPress with the Htaccess File Editor plugin.

  1. Log into your WordPress dashboard.
  2. Install and activate the Htaccess File Editor plugin.
  3. Go to Settings > WP Htaccess Editor.
    Edit htaccess WordPress Using a Plugin
  4. Create a new line before # BEGIN WordPress.
    Create new line before # BEGIN WordPress to begin editing htaccess file with plugin
  5. You can now add any relevant code snippets to make your own rules.

Below we’ll walk through two common examples of what you can do with the htaccess file: set up redirects and force HTTPS.  

WordPress htaccess Redirect

Setting up redirects — specifically, 301 redirects — on your WordPress site can prevent your visitors from seeing a 404 error page instead of the content they requested. It also tells

search engines that a post or page has permanently moved so they know to find, crawl, and rank the new page in approximately the same position as the old page on SERPs.

Let’s say you decide to consolidate duplicate content on your site. In that case, you can set up redirects from outdated posts to single, updated pages. Or let’s say you rename the URL of a single post or page. You can set up a redirect so that any internal or external links on your site with the old URL will send visitors to the new URL. Or let’s say you change your domain name. In that case, you can set up redirects so that any visitors trying to visit the old domain name will be sent to the new one.

These are just a few reasons you might want to set up redirects using the .htaccess file in WordPress. Now let’s look at how.

Redirecting a Single Post or Page

To redirect a single post or page, add the following line of code for each post or page you want to redirect.

Redirect 301 /old-url-slug https://yourdomain.com/new-url-slug

Notice you only have to include the WordPress slug of the old URL (ie. the part after your domain name). You should include the full URL of the new post or page, however.

Let’s look at a specific example. Say have two duplicate blog posts about WordPress appointment plugins. Then you can combine the content of both posts and redirect the URL with less traffic and backlinks to the URL with more traffic and backlinks. So let’s say you’d like to redirect “https://blog.hubspot.com/website/best-appointment-booking-plugins-for-wordpress” to “https://blog.hubspot.com/marketing/wordpress-appointment-plugin”. Then, you would add the following line of code in the .htaccess file:

Redirect 301 /best-appointment-booking-plugins-for-wordpress https://blog.hubspot.com/marketing/wordpress-appointment-plugin

Anyone who clicks on an internal or external link with the old URL will now be redirected to the new URL.

Redirecting Your Entire Site

To redirect an entire website to a new domain, add the following code snippet to the .htaccess file in WordPress:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^olddomain.com [NC,OR]
RewriteCond %{HTTP_HOST} ^www.olddomain.com [NC]
RewriteRule ^(.*)$ https://newdomain.com/$1 [L,R=301,NC]

Replace the placeholder text in the second, third, and fourth lines with your actual old and new domain names. This code snippet will preserve your link structure. So, for example, your contact page which was “www.olddomain.com/contact” will redirect to “www.newdomain.com/contact”.

Force HTTPS htaccess WordPress

Forcing HTTPS is a necessary step if you’ve recently installed an SSL certificate on your WordPress site.

An SSL certificate is a standard security technology for encrypting information between a visitor’s browser and your website. Because it helps keep sensitive information like passwords and payment information safe, visitors feel safer on sites that are encrypted with SSL. It also may help you rank better. Back in 2014, Google announced that it would give sites with SSL a minor ranking boost.

If you’ve recently installed an SSL certificate, then you need to take additional steps to configure your site so that it uses the secure URL with HTTPS instead of HTTP.  According to the WordPress Codex, you can do so by adding the following code to the .htaccess file.

SSLOptions +StrictRequire
SSLRequire %{HTTP_HOST} eq "www.WordPress.com"
ErrorDocument 403 https://www.WordPress.com

This will ensure any visitors using the HTTP version of your site address will be redirected to the version with SSL.

For a more in-depth look at how to force HTTPS on your WordPress site using the .htaccess file or a plugin, check out How to Force HTTPS on Your WordPress Site.

Leveraging the Power of the WordPress htaccess

The .htaccess file can offer you more sophisticated control over your WordPress website. You can set up redirects to the most up-to-date pages on your site, force SSL to ensure visitors are being sent to the HTTPS version of your site, and configure other settings to secure your WordPress site.



Related Articles

Launch your WordPress website with the help of this free guide and checklist.

    CMS Hub is flexible for marketers, powerful for developers, and gives customers a personalized, secure experience