The .htaccess is a configuration file that indirectly reconfigures a program or Apache server. So you don't need to have direct access to the main configuration file of a web server (httpd.conf) to change its "behaviour".

Important: The instructions of the .htaccess always refer to the respective directory where the file is located. So to make the settings global, the file should always be in the root directory. Does everything sound rather technical? True, but it does make sense to deal with the topic. Because special Codes for the .htaccess can Make WordPress faster and more secure.

Where is the WordPress .htaccess located?

The .htaccess file is located in the root directory of WordPress - the main directory where your domain is located at the web host. You get access to this directory and therefore to the .htaccess with a FTP program (e.g. FileZilla).

Create WordPress .htaccess manually

WordPress creates an .htaccess file at the latest when you change the permalink settings. If the WordPress .htaccess is missingso it could be because you haven't changed anything at this point. However, depending on the server configuration, automated file creation may not be possible. WordPress will tell you when saving new permalink settings that no .htaccess file can be created. In this case you have to create the file manually.

Step 1: Open text editor

To do this, open a text editor and name the document e.g. as a.htaccess - unfortunately, empty files cannot be created with the editor. Important: Never use "Microsoft Word" or something similar, because such programs add additional formatting.

Step 2: Upload file to server

Next you have to upload the -> empty <- .htaccess file via FTP in your root directory. This is the folder where the wp-config.php is also located.

Step 3: Rename file

Because the file is still called a.htaccess (or whatever you named it), you have to rename it to ".htaccess" (without quotes of course).

Step 4: Assign rights

Because the file is empty, WordPress must be able to fill the .htaccess with code on its own. For example, many plugins need .htaccess write access. Therefore you only have to adjust the file attributes. Click in your FTP program with the right mouse button on the .htaccess file and select the menu item "File permissions". There you have to allow the writing of the .htaccess file.

You want to know how to prevent WordPress from editing the htaccess, read the following article → Prevent WordPress htaccess editing

 

Important: Do not make any changes without BackUp!

Before you make changes to the .htaccess file in WordPress, you should create a .htaccess backup. If you accidentally "break" something, you can simply upload/activate the original file and undo the changes. The backup can be easily done by renaming the current .htaccess and creating a new WordPress .htaccess.

Before you make changes to the .htaccess file in WordPress, you should create a Create .htaccess backup. If you accidentally "break" something, you can simply upload/activate the original file and undo the changes. The backup can be easily done by renaming the current .htaccess and creating a new WordPress .htaccess created.

WordPress .htaccess deleted: what to do?

Tip. WordPress .htaccess deleted you can insert the following code to make everything work normally.

# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule /index.php [L]
# END WordPress

Interesting lines of code for the .htaccess

What belongs in your .htaccess instead or in addition to the standard lines of code is up to you at the end of the day. Fact is: Both the security and the performance can be improved with additional code for the .htaccess. Too much of a good thing can weaken the performance again. So you should weigh up what you really need and what you don't need. But more about that later.

Make admin area visible only for certain IP addresses

Enable # wp-admin only for certain IPs
order deny,allow
deny from all
allow from IP address1
allow from IP address2

Block access to WP-config.php for all users

# Disable access to wp-config
 
 order allow,deny
 deny from all
 

Activate Gzip compression

# GZIP Compression
 
 SetOutputFilter DEFLATE
 

Enable browser caching

# Browser Caching
ExpiresActive On
ExpiresByType image/jpg "access 1 year
ExpiresByType image/jpeg "access 1 year
ExpiresByType image/gif "access 1 year
ExpiresByType image/png "access 1 year
ExpiresByType text/css "access 1 month
ExpiresByType application/pdf "access 1 month
ExpiresByType text/x-javascript "access 1 month
ExpiresByType application/x-shockwave-flash "access 1 month
ExpiresByType image/x-icon "access 1 year
ExpiresDefault "access 2 days

Prevent image hotlinking

Prevent # Image Hotlinking
RewriteEngine on
RewriteCond %{HTTP_REFERERER} !^$
RewriteCond %{HTTP_REFERERER} !^http(s)?://(www\.)?eureseite.de [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ http://deinbild.jpg [NC,R,L]

301-Forwarding / Set up redirect

# 301 Set up forwarding
Redirect 301 /oldesite.html http://neueseite.de/neueurl
Redirect 301 / http://neueseite.de/

Exclude certain users via their IP address

Exclude # users via IP
 
 order allow,deny
 deny from XXX.XXX.XX.X
 deny from XXX.XXX.XX.X
 allow from all
 

The perfect WordPress .htaccess

While new code in the Make .htaccess WordPress faster too much code can do the exact opposite. In the end it's like an extension, because caching plugins and other helpers also work (partly) with lines of code in the .htaccess. Over the years, we (and our predecessor at fastWP) have thoroughly tested various configurations of .htaccess. The result is the (in our opinion) ultimate WordPress .htaccess, which is the "sweet spot" in terms of performance and security.

No unnecessary ballast for best performance

Our perfect .htaccess for WordPress contains no more ballast, no more superfluous lines. But all really important points and commands are still included. So the file stays nice and small, pleasantly slim and of course extremely fast. The ultimate WordPress .htaccess cached graphics, which provides enormous performance, it compresses pages with Gzip, which can reduce the size per page by up to 80 percent, and prohibits for example the linking of pictures on foreign websites (except Feedly and Co).

Replace the code within your standard .htaccess with the following lines:


SetOutputFilter DEFLATE



Header append cache control "public
Header append Vary Accept-Encoding
Header set Connection keep-alive
Header unset ETag
FileETag None



ExpiresActive On
ExpiresDefault "access 60 seconds
ExpiresByType image/jpg "access plus 1 month
ExpiresByType image/jpeg "access plus 1 month
ExpiresByType image/gif "access plus 1 month
ExpiresByType image/png "access plus 1 month
ExpiresByType image/ico "access plus 1 month
ExpiresByType text/css "access 1 month
ExpiresByType text/javascript "access 1 month
ExpiresByType application/javascript "access 1 month
ExpiresByType application/x-shockwave-flash "access 1 month



RewriteEngine on
RewriteCond %{HTTP_REFERERER} !^$
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} \.(jpg|jpeg|png|gif|ico|css|js)$ [NC]
RewriteCond %{HTTP_REFERERER} !^https?://([^.]+\.) ?fastwp\. [NC]
RewriteCond %{HTTP_REFERERER} !^https?://([^.]+\.) ?feedly\. [NC]
RewriteRule \.(jpg|jpeg|png|gif|ico|css|js)$ - [F,NC,L]


# BEGIN WordPress

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule /index.php [L]

# END WordPress

Note #1: In WordPress .htaccess there is code in which a URL must be entered. in the example "fastwp" registered. Of course you have to change these places and add your own URL for the code to work correctly.

Note #2: For web fonts located on your own server, the code may need to be extended. All information about the correct integration of web fonts you will find here.

About Christian

My name is Christian and I am co-founder of the platform fastWP. Here in the magazine I am responsible for the more "technical" topics but I like to write about SEO, which has been my passion for over 10 years now.

6 thoughts on “Die ultimative WordPress .htaccess erstellen”

  1. Hi,
    thank you very much! Helped me a lot and improved the performance of my site.
    Now the only thing that my Theme Costumizer may not work anymore is the new .htaccess file.
    I use the Ashe Pro / WordPress theme. Do you have a tip for this?

    VG
    Alisha

  2. Hi, Alisha,
    unfortunately not without further ado since I don't know your theme and also don't know what exactly you have entered in the htaccess.
    Actually there is nothing in there that should influence your customizer.

  3. hi Christian thank you very much for this very interesting article.
    I've got turbulence on one side where I'm

    a. WordPress and
    b. I installed LimeSurvey.

    Wp runs cleanly - and really without problems. But the LimeSurvey installation I put in the folders always reports an ERR_EMPTY_RESPONSE which might point to htaccess directives that redirect and make the limesurvey admin (or login) page inaccessible.

    As said before: the WP runs without any problems but the LimeSurvey script (see http://www.limesurvey.org ) is not available - especially not under Chrome - but very often not under FireFox either.
    Do you think I can get anywhere by getting into the htaccess of the WP

    a. look inside
    b. intervention

    as the ultima ratio, I could also do the following:
    install wordpress and limesurvey side by side. This would require imho to redirect from MyDomain.TLD/ -> MyDomain.TLD/wordpress/, but then I might not have the bug fixes anymore - would have clearly defined and clean folder structures and would not have delays and loops when it comes to the URL things

    What do you mean? Glad to hear from you.

    Many greetings
    Matzo

    1. Hi Matze, in this case I can't help you because we don't offer any special support here (except for "minor help"). This would go beyond the scope and the basic idea of this blog.

  4. Thank you for this valuable contribution!!!
    The whole company website didn't work anymore... and that's where all the new customer contact took place !!1

    That's what saved me:

    Create WordPress .htaccess manually
    WordPress creates an .htaccess file at the latest when you change the permalink settings. If the WordPress .htaccess is missing, it could be that you haven't changed anything at this point. Depending on the server configuration it might be that the automated creation of files is not possible. WordPress will tell you when saving new permalink settings that no .htaccess file can be created. In this case you have to create the file manually.

    Many thanks!!!!!!!!! i have searched 1. million forums and had just as many tabs open.... and then you were found!

    I came across the Google search keyword: "wordpres .htaccess file what is it"
    to you.
    Thanks a lot!

    Gold value of these articles!

Leave a Comment

Your email address will not be published. Required fields are marked *

en_GB