The Ultimate Guide to WordPress .htaccess

Oh, the mighty .htaccess file! The master of redirects, the ruler of permissions, the overlord of security, and the savior of WordPress websites. Let’s dive into this little but powerful piece of code and discover what it really is and what it can do for your WordPress site.

First things first, let’s start with the basics. What is a .htaccess file? Well, it’s a configuration file that resides in your website’s root directory. It’s used to configure the Apache web server, which is the most common web server used for hosting WordPress sites.

Think of .htaccess as the bouncer of your website. It controls who gets in, who gets out, and who gets to see what. It’s like a bodyguard that protects your site from malicious attacks and spammy bots. It’s also like a traffic controller that directs your visitors to the right pages and content.

What can I configure in the htaccess file?

Now, let’s talk about some of the magical powers of the .htaccess file. One of its most common uses is to set up redirects. Redirects are like secret passages that take your visitors from one page to another without them even knowing it. You can use redirects to send old pages to new ones, fix broken links, or redirect non-www to www URLs.

Another superpower of the .htaccess file is the ability to set up custom error pages. We all hate seeing those boring 404 error pages, right? Well, with .htaccess, you can create your own custom error pages that match your website’s design and personality. You can even add a touch of humor to your error pages to make your visitors smile.

But wait, there’s more! The .htaccess file can also be used to restrict access to certain parts of your website. For example, you can use it to block access to your WordPress admin area from specific IP addresses or countries. You can also use it to protect your wp-config.php file, which contains sensitive information like your database username and password.

Last but not least, the .htaccess file can help you improve your website’s security. You can use it to block malicious bots and hackers, prevent hotlinking (when someone uses your images or files by directly linking to them), and even force HTTPS (which encrypts the traffic between your visitors and your site and protects it from eavesdropping).
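Here is what those restrictions can look like in practice. This is an added example, not part of the original article, written for Apache 2.4; the address range 198.51.100.0/24 and the domain example.com are placeholders. Put it above the “# BEGIN WordPress” marker, because WordPress rewrites everything between its own markers.

```apache
# Added example: placeholders are 198.51.100.0/24 and example.com.
# Needs AllowOverride AuthConfig (Require) and FileInfo (mod_rewrite).

# Never serve wp-config.php over the web; PHP still reads it from disk.
<Files "wp-config.php">
    Require all denied
</Files>

# Block a specific address range from the login form.
# An allowlist (a single "Require ip <your address>") is stricter.
# This covers wp-login.php only; /wp-admin/ needs its own .htaccess.
<Files "wp-login.php">
    <RequireAll>
        Require all granted
        Require not ip 198.51.100.0/24
    </RequireAll>
</Files>

<IfModule mod_rewrite.c>
    RewriteEngine On

    # Force HTTPS. Behind a TLS-terminating proxy %{HTTPS} is always
    # "off" at the origin, so this would loop; test the proxy's
    # forwarded-protocol header there instead.
    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    # Prevent hotlinking: refuse image requests whose Referer is set
    # and is not this site. Empty Referers are allowed because privacy
    # tools and direct visits send none.
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com/ [NC]
    RewriteRule \.(jpe?g|png|gif|webp)$ - [F,NC]
</IfModule>
```

After saving, request /wp-config.php in a browser and confirm a 403 response, and confirm that an http:// URL returns a 301 to its https:// equivalent.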

Breaking it down

WordPress has a default .htaccess file. Here’s how it looks:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

At first glance, it might look like a bunch of gibberish, but fear not, my friend! Let’s dissect it bit by bit.

The “# BEGIN WordPress” and “# END WordPress” are simply markers that indicate the beginning and end of the WordPress code block. You can easily spot them in the file, and they serve as a reminder that everything in between is WordPress-specific.

The “<IfModule mod_rewrite.c>” and “</IfModule>” lines form a conditional wrapper: the rules between them are applied only if the mod_rewrite module is installed and enabled on the server. This module is responsible for URL rewriting, which allows WordPress to create pretty permalinks like “yoursite.com/my-awesome-blog-post” instead of “yoursite.com/?p=123”.

The “RewriteEngine On” turns on the URL rewriting engine, and “RewriteBase /” sets the base URL for the rules that follow. The “RewriteRule ^index\.php$ - [L]” rule tells Apache to leave requests for the “index.php” file untouched (the “-” means no rewrite) and to stop processing further rules. That file is the WordPress bootstrap file that loads all the necessary code.

The “RewriteCond %{REQUEST_FILENAME} !-f” and “RewriteCond %{REQUEST_FILENAME} !-d” conditions check that the request does not match an existing file (!-f) or an existing directory (!-d) on the server. If neither exists, the next rule is executed.

The “RewriteRule . /index.php [L]” is the heart of the file. It tells Apache to pass all requests that don’t match an existing file or directory to the “index.php” file, which is the entry point to WordPress. This rule is what makes pretty permalinks work.

Multisites & .htaccess files

Multisites work slightly differently, as requests for files need to be directed appropriately based on whether your site is a subdomain or subfolder network:

# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

# add a trailing slash to /wp-admin
RewriteRule ^wp-admin$ wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^(.*\.php)$ $1 [L]
RewriteRule . index.php [L]
# END WordPress

At the beginning and end of the file, you’ll see the familiar “# BEGIN WordPress” and “# END WordPress” markers, indicating the beginning and end of the WordPress code block.

Next up, you’ll see the “RewriteEngine On” and “RewriteBase /” lines. These turn on the URL rewriting engine and set the base URL for the rules that follow.

The “RewriteRule ^index\.php$ - [L]” rule tells Apache to ignore requests for the “index.php” file, just like in the standard WordPress .htaccess file.

The “RewriteRule ^wp-admin$ wp-admin/ [R=301,L]” rule adds a trailing slash to the wp-admin directory, which is necessary for some plugins and themes to work properly.

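The “RewriteCond %{REQUEST_FILENAME} -f [OR]” and “RewriteCond %{REQUEST_FILENAME} -d” conditions check whether the requested file or directory exists on the server. If either does, the next rule, “RewriteRule ^ - [L]”, is executed: it leaves the request unchanged and stops processing, so the existing file or directory is served directly.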

The “RewriteRule ^(wp-(content|admin|includes).*) $1 [L]” rule tells Apache to pass requests for the wp-content, wp-admin, and wp-includes directories to the corresponding directories for the current site.

The “RewriteRule ^(.*\.php)$ $1 [L]” rule tells Apache to pass requests for PHP files to the corresponding files for the current site.

And finally, the “RewriteRule . index.php [L]” rule passes all other requests to the index.php file for the current site.

All of these rules work together to ensure that requests and URLs are handled correctly for each site on the Multisite network. It’s like having a team of expert coordinators working behind the scenes to keep everything running smoothly.
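The rules shown above are the subdomain form. For comparison, this added example (not from the original article) is the subfolder form of the same block, following the rule set WordPress documents for subfolder networks; the site names in the comments are made up.

```apache
# Added example: subfolder multisite network (yoursite.com/site-a/).
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

# add a trailing slash to /wp-admin, keeping the optional site prefix
# (/site-a/wp-admin -> /site-a/wp-admin/)
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

# existing files and directories are served as they are
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]

# strip the site prefix so every site shares one copy of core:
# /site-a/wp-includes/js/x.js -> wp-includes/js/x.js
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]

# same for PHP entry points: /site-a/wp-login.php -> wp-login.php
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]

# everything else goes to WordPress, which picks the site from the path
RewriteRule . index.php [L]
# END WordPress
```

Because the prefix is stripped before the file lookup, a per-file restriction such as a `<Files "wp-login.php">` block in the root .htaccess applies to every site on the network at once.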