WordPress offers non-technical users numerous website creation and management advantages, including the ability to achieve various tasks without modifying core files.
However, certain tasks like implementing redirects or enabling HTTPS require editing the WordPress core file known as .htaccess. With .htaccess, you can configure specific settings for your site easily.
Use the following jump links to navigate all you need to know about .htaccess:
- What .htaccess is
- Where the .htaccess file is located
- How to create a default .htaccess file if one doesn’t exist already
- How to edit the .htaccess file
- How to set up redirects using .htaccess
- How to force HTTPS using .htaccess
If you'd rather follow along with a video, check out this walkthrough from Fix Runner:
Let’s get started with a brief overview of what .htaccess is and why it matters in WordPress.
What is htaccess in WordPress?
In WordPress, .htaccess is a special configuration file that can control how your server runs your website. As one of the most powerful configuration files, .htaccess can control 301 redirects, SSL connections, password protection, the default language, and more on your WordPress site.
More specifically, the .htaccess file name provides commands for controlling and configuring the Apache web server where your site is hosted. This server hosts hundreds or thousands of other sites as well on what are termed “server farms.” These farms are set up and run by web hosting providers. Without .htaccess, every site owner on the same Apache web server would have to use the same settings for their site. Thankfully, almost every hosting provider allows .htaccess.
With this file, you can set up redirects, force SSL, block IP addresses, deny access to sensitive files, send custom HTTP responses to certain requests, prevent hotlinking, and configure other settings required for your unique site.
Below, we’ll cover where this powerful file is located, how to create and edit it, and more.
WordPress htaccess location
The WordPress .htaccess file is located in the root directory of your WordPress site. Depending on your hosting provider, the root directory may be a folder labelled public_html, www, htdocs, or httpdocs. You can locate it by using File Manager in your hosting account’s cpanel. Let’s walk through the process step-by-step.
Log in to your hosting account’s control panel.
- Open the File Manager.
- In the navigation menu on the lefthand side of your screen, click on the public_html folder.
- Open the folder labeled “wordpress.”
- Look for the .htaccess file.
- If you don’t see the folder, then go to Settings.
- A window labeled “Preferences” should appear.
- Select the box labeled “Show Hidden Files.”
You should now be able to see the .htaccess file.
If you still can’t see the .htaccess file, then it’s possible it doesn’t exist. Don’t worry — you can create one in a few easy steps. Let’s walk through the process in the next section.
Default WordPress htaccess
WordPress should automatically create an .htaccess file for you — but sometimes it is unable to because of an issue with file permissions. In that case, follow the steps below.
- Log into your WordPress dashboard and go to Settings > Permalinks.
- Without changing anything, scroll to the bottom and click Save Changes.
- WordPress will now try to generate an .htaccess file. If it can’t, you’ll see an error message saying “.htaccess file is not writeable” at the bottom of the page.
- You will need to manually create the .htaccess file. Start by logging in to your hosting account’s control panel.
- Open the File Manager.
- In the navigation menu on the lefthand side of your screen, click on the public_html folder.
- Click the +File icon in the toolbar at the top of your screen.
- Type in “.htaccess” into the New File Name input field.
- Click Create New File.
- Right-click the newly created file to edit it.
- Add the following code.
# BEGIN WordPress
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress - Save and close the file.
Now that you know how to create a default .htaccess file for your WordPress site if it doesn’t exist already, you’re ready to edit it. Let’s look at how below.
Edit htaccess WordPress
Editing the .htaccess file — or any core WordPress file — is risky. You could end up deleting code you shouldn’t, adding incorrect code, or making another mistake that breaks your site.
To mitigate the risks, you should take at least one of the precautionary steps below before making direct edits to the htaccess file.
- Backup your WordPress site so you can restore an earlier version if you make a mistake.
- Use a staging site to test your edits before pushing them live on your public-facing site.
- Create a backup .htaccess file and download it to your computer. That way, if your edits in the default .htaccess file cause any problems, you can upload the backup file.
Once you’ve completed at least one of the steps above, you’re ready to edit. There is more than one way to edit the .htaccess file in WordPress. Let’s go over how to do so manually and using a WordPress plugin.
Edit htaccess WordPress Using cPanel
If you’d rather not add another plugin to your WordPress site, then you can use cPanel in your hosting account. If you opt for this method, you’ll have to complete at least one of the precautionary steps outlined above yourself.
Here are the steps for editing the .htaccess file in WordPress using cPanel.
- Log in to your hosting account’s control panel.
- Open the File Manager.
- In the navigation menu on the lefthand side of your screen, click on the public_html folder.
- Open the folder labeled “wordpress.”
- Find the .htaccess file and right-click to edit it.
- Add any code before the line that reads # BEGIN WordPress.
Edit htaccess WordPress Using a Plugin
If you’d like to automate some of the prep work before editing your .htaccess file, you can use a plugin like Htaccess File Editor. Htaccess File Editor allows you to test edits before saving and automatically backup and restore the default version of your htaccess file. That makes it a must-have WordPress plugin for beginners trying to edit this special configuration file.
Below is the process for editing htaccess in WordPress with the Htaccess File Editor plugin.
- Log into your WordPress dashboard.
- Install and activate the Htaccess File Editor plugin.
- Go to Settings > WP Htaccess Editor.
- Create a new line before # BEGIN WordPress.
- You can now add any relevant code snippets to make your own rules.
Below we’ll walk through two common examples of what you can do with the htaccess file: set up redirects and force HTTPS.
WordPress htaccess Redirect
Setting up redirects — specifically, 301 redirects — on your WordPress site can prevent your visitors from seeing a 404 error page instead of the content they requested. It also tells
search engines that a post or page has permanently moved so they know to find, crawl, and rank the new page in approximately the same position as the old page on SERPs.
Let’s say you decide to consolidate duplicate content on your site. In that case, you can set up redirects from outdated posts to single, updated pages. Or let’s say you rename the URL of a single post or page. You can set up a redirect so that any internal or external links on your site with the old URL will send visitors to the new URL. Or let’s say you change your domain name. In that case, you can set up redirects so that any visitors trying to visit the old domain name will be sent to the new one.
These are just a few reasons you might want to set up redirects using the .htaccess file in WordPress. Now let’s look at how.
Redirecting a Single Post or Page
To redirect a single post or page, add the following line of code for each post or page you want to redirect.
Redirect 301 /old-url-slug https://yourdomain.com/new-url-slug
Notice you only have to include the WordPress slug of the old URL (ie. the part after your domain name). You should include the full URL of the new post or page, however.
Let’s look at a specific example. Say have two duplicate blog posts about WordPress appointment plugins. Then you can combine the content of both posts and redirect the URL with less traffic and backlinks to the URL with more traffic and backlinks. So let’s say you’d like to redirect “https://blog.hubspot.com/website/best-appointment-booking-plugins-for-wordpress” to “https://blog.hubspot.com/marketing/wordpress-appointment-plugin”. Then, you would add the following line of code in the .htaccess file:
Redirect 301 /best-appointment-booking-plugins-for-wordpress https://blog.hubspot.com/marketing/wordpress-appointment-plugin
Anyone who clicks on an internal or external link with the old URL will now be redirected to the new URL.
Redirecting Your Entire Site
To redirect an entire website to a new domain, add the following code snippet to the .htaccess file in WordPress:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^olddomain.com [NC,OR]
RewriteCond %{HTTP_HOST} ^www.olddomain.com [NC]
RewriteRule ^(.*)$ https://newdomain.com/$1 [L,R=301,NC]
Replace the placeholder text in the second, third, and fourth lines with your actual old and new domain names. This code snippet will preserve your link structure. So, for example, your contact page which was “www.olddomain.com/contact” will redirect to “www.newdomain.com/contact”.
Force HTTPS htaccess WordPress
Forcing HTTPS is a necessary step if you’ve recently installed an SSL certificate on your WordPress site.
An SSL certificate is a standard security technology for encrypting information between a visitor’s browser and your website. Because it helps keep sensitive information like passwords and payment information safe, visitors feel safer on sites that are encrypted with SSL. It also may help you rank better. Back in 2014, Google announced that it would give sites with SSL a minor ranking boost.
If you’ve recently installed an SSL certificate, then you need to take additional steps to configure your site so that it uses the secure URL with HTTPS instead of HTTP. According to the WordPress Codex, you can do so by adding the following code to the .htaccess file.
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "www.WordPress.com"
ErrorDocument 403 https://www.WordPress.com
This will ensure any visitors using the HTTP version of your site address will be redirected to the version with SSL.
For a more in-depth look at how to force HTTPS on your WordPress site using the .htaccess file or a plugin, check out How to Force HTTPS on Your WordPress Site.
Leveraging the Power of the WordPress htaccess
The .htaccess file can offer you more sophisticated control over your WordPress website. You can set up redirects to the most up-to-date pages on your site, force SSL to ensure visitors are being sent to the HTTPS version of your site, and configure other settings to secure your WordPress site.