WordPress is an open-source Content Management System (CMS), which (in part) means that you can make whatever changes you like to core files. In short, you’re in control of every aspect of your website. While that power can be intoxicating and you may be excited by the prospect, you might also reasonably be intimidated by making irreparable changes and damaging (or even ‘breaking’) your site.
What you need is a foolproof approach to optimizing your website. Since we can’t possibly cover everything in one article, today we’re focusing on just one aspect of website optimization – your .htaccess file. This unassuming file grants you the ability to make a number of optimizations to your website, some of which we’re going to cover below.
Before that, however, let’s properly introduce you to .htaccess, and explain how you can (safely!) access, edit, and optimize it.
What Is .htaccess and How Do I Find It?
In a nutshell, the .htaccess file is a server configuration file that stores important settings relating to your website. While it’s not only used for WordPress websites, this article will focus on how to use the file to enhance and protect your WordPress website.
You’ll find the .htaccess file is in the root directory of your site or the top level directory of your WordPress installation. For example, if you have installed WordPress in a /blog/ directory, that is where you’ll find the .htaccess file we’ll be working with.
In terms of accessing your website’s .htaccess file, we recommend File Transfer Protocol (FTP) using the free FileZilla application. If you’ve not used FTP before, consult FileZilla’s detailed documentation and your web host’s instructions for accessing your website via FTP.
If you’re struggling to find the file, it may be hidden. Not a problem – just select Server > Force showing hidden files from the FileZilla menu.
If you still don’t see .htaccess, it’s possible your site doesn’t yet have one. This again requires a simple fix – just log into your WordPress dashboard, navigate to Settings > Permalinks, choose any permalink setting, and save your changes. This will force WordPress to create the .htaccess file if it doesn’t already exist. This is safer than manually creating an .htaccess file, which would overwrite any code WordPress placed in it.
How Do I Edit My .htaccess File?
Let’s start with some advice that applies before making any changes to your site: always back up!
Once you have a backup of your site ready and waiting should anything go wrong, you’re ready to edit your file. Doing so is simple as opening it (via FileZilla) using your favorite plain text editor:
Always edit .htaccess with a plain text editor to avoid inserting special characters, which may be invisible to the eye, but can wreak havoc on your site.
It’s important to avoid editing any of the code that WordPress places in your .htaccess file. All the code added by WordPress is kept between lines that say BEGIN WordPress and END WordPress, so be sure to leave that code intact when editing the file. Some plugins add code to .htaccess, and the code they add should be clearly marked as well. A good practice is to put your code at the bottom of the file.
If you are going to make multiple changes to .htaccess, do them one at a time. If you make several changes at once and encounter a problem, it can be difficult to tell which bit of code is the culprit. Make a backup of your site, edit and update the .htaccess file, then make sure the site still works correctly before moving on.
One last thing before we move onto the fun part. In all our code examples below, lines beginning with a pound sign (#) are comments. These lines are not required, but will help you keep track of the purpose of each piece of code in your .htaccess file.
How Can I Use the WordPress .htaccess File to Optimize My Website?
The .htaccess file enables you to make a number of optimizations to your website, spanning from enduser improvements to security bolstering measures. We’ve spent some time both introducing the file itself and showing you how to access and edit it; now let’s explore some of the things you can do with it to make the most of your WordPress website.
Create Page-level Redirects
A ‘redirect’ is a way of telling your website’s server that when a visitor tries to go to a specific page, they should be taken to another page instead. A common use for this is when you have renamed a page’s permalink and want the old page permalink to send people to the new one, rather than causing an error message.
Add this code to your .htaccess file to create a redirect:
# redirect permalink to another page
Redirect /old-page http://example.com/target-page
Replace the first entry on the line (old-page) with the path and name of the page you wish to redirect without the domain name. Replace the second entry with the full web address of where you want to send people to – including the http or https – whether the target is your own site or another.
Because the target page is a complete URL, it can be a page anywhere on the web, not just one from your site. This comes in handy for situations such as affiliate marketing, when it’s preferable to give people a link on your site that redirects to the vendor’s site, rather than your actual affiliate link. This gives you more control and the ability to change where the link goes, if for example a product is discontinued or you decide to promote another product instead.
Create a Site-Wide Redirect
The above instructions will help you redirect one specific page of your site, but what if you want to redirect all traffic to one place, regardless of which page visitors are trying to visit on your site? Perhaps you want to take your site down temporarily while you make major changes, or you want to work on it without visitors being able to see your real-time changes.
Firstly, create a new page within WordPress where you want to redirect all the traffic to, then insert the following code into your .htaccess file:
# redirect whole site to a temporary page
Redirect 302 / http://yoursite.com/your-page
Simply replace yoursite.com with your domain name, and your-page with the name of the temporary page where traffic is to be redirected.
Create a Custom 404 Error Page
Rather than showing the default error message when something like a 404 error (page not found) occurs, you can create a user-friendly error page that visitors will see instead.
As for creating a site-wide redirect, first create a WordPress page with the content you want, then add the following code to your .htaccess file:
# set an error page
ErrorDocument 404 /error-page
Replace error-page with the permalink of your error page, and you’re done!
Disable Directory Browsing
When we think of hacking a WordPress site, it typically involves someone getting into your actual WordPress installation – especially logging in as an administrator. However, besides keeping unwanted people out of your administrator panel, you should keep them from poking around the files on your site. With .htaccess, you can set a directory so that unauthorized people cannot see the list of files there, which makes it much harder for them to gain access.
Here is the code to put in .htaccess to do that:
# disable directory browsing
Options All -Indexes
Protect Your WordPress Configuration File
One of the most important files in WordPress is wp-config.php. It’s kind of like .htaccess’ big brother, storing various key WordPress settings. With great power comes great responsibility, however – if a hacker gains access to wp-config.php, the outcome could be disastrous for your site.
Keep unauthorized people from accessing your wp-config.php file by adding this code to your .htaccess file:
# protect wpconfig.php file
deny from all
While you may be eager to tweak and optimize your website to your unique needs, you might reasonably be hesitant to do so if you feel you’re lacking in expertise. Fortunately, with resources such as this article, you can make changes with confidence. Just remember to back your site up at all the important times, follow our instructions carefully, and you’ll be set!
With that in mind, let’s finish off by quickly recapping the five .htaccess optimizations we covered in this article:
- Create page-level redirects.
- Create a site-wide redirect.
- Create a custom 404 error page.
- Disable directory browsing.
- Protect your WordPress configuration file.
We’ve certainly not covered the full capabilities of .htaccess here, so if you have any tips yourself, please share them with us. Alternatively, if you have any questions, please don’t hesitate to fire away in the comments section below!