WordPress relies on several open source applications, including the PHP interpreter, the MySQL database, and the Apache web server. Apache’s role is to pass requests to WordPress so that HTML pages can be generated and to send those pages to the browser that requested them. Without Apache, WordPress wouldn’t be on the web.
Apache can be configured to handle requests according to the needs of the application and its users. Most of that configuration lives in the httpd.conf file, which acts as a centralized configuration file for all sites on the server. But it is often necessary to customize the configuration for individual sites, which is where the .htaccess file comes in.
The .htaccess file is a per-directory configuration file that only affects the site in the same directory as the file. If you look in your WordPress site’s root directory, you may find that it already has an .htaccess file.
Most WordPress configuration can be done from within the WordPress admin dashboard, but in some cases it can be useful to make changes to .htaccess. Before we take a look at a few configuration options you may find useful, you should understand that mistakes in .htaccess can take a WordPress site offline, make pages inaccessible, or hurt its SEO. Be careful when editing .htaccess.
Trying to speed up your WordPress website? Here’s how.
Htaccess and WordPress
WordPress adds rules to .htaccess and so do some WordPress plugins. When you change the permalink structure of a WordPress site, rules are written to the .htaccess file so that Apache knows about the changes. Security plugins often use .htaccess to block IP addresses or limit access to the site.
If you aren’t familiar with .htaccess or editing configuration files on the command line, you should try to find a plugin that does what you need before editing .htaccess. The plugins are written by developers and extensively tested. That said, there are several short and useful rules you could add.
Create 301 Redirects
A 301 redirect is used when a page is permanently moved to a new location. It lets browsers and search engines know that the page is located at a different URL. To redirect a page in your .htaccess file, add the following rule:
Redirect 301 /old-url/ http://www.example.com/newurl
Block access to sensitive files
There are files in the WordPress directory that shouldn’t be readable by the whole internet: the wp-php.config file is a good example. With the following rules, you can block access to files that should not be accessible to browsers.
Deny from all
Prevent specific IP addresses from loading the site
The .htaccess file can be used to deny access to requests from particular IPs.
This can be useful for blocking a small number of IP addresses, but if you are having problems with brute force attacks against your WordPress site, a plugin like SiteGuard WP is a more efficient solution.
<Limit GET POST>
deny from 203.0.113.0
allow from all
Replace the IP address in the above with the address that you would like to block.
Stop directory browsing
Directory browsing, which is permitted by default, allows bad actors to see the files in your WordPress site’s directory, information that might be useful to them.
The above command will prevent directory browsing.
I have covered only a few of the many configuration options that can be used to control Apache. For a full explanation, take a look at .htaccess Guide.Posted in: WordPress