How to Create & Edit the Default WordPress .htaccess File

May 22, 2019


WordPress uses the default .htaccess file to store configuration information and handle server requests.

For example, .htaccess can enable or disable many server features, including redirection of URLs, server signature, caching of files, password protection, and customized error pages.

This tutorial will show you how to find, edit, and create the default .htaccess file in WordPress.


What Is the .htaccess File

.htaccess is a standard configuration file used in web servers. If you are familiar with Apache, you may have experience in editing .htaccess to grant or revoke access to website resources.

WordPress is a bit different. In WordPress, the default .htaccess file is mainly used to handle permalinks to pages on your WordPress website. However, as a configuration file, you can also add additional configuration options to adjust the behavior of your website, such as:

  • URL redirects and rewriting
  • Block hotlinking of images
  • Handling server errors
  • Password protection
  • Blacklisting and whitelisting of IPs
  • Block users by referring URL

Note: Learn also how to make a redirect in PHP.

Where Is the .htaccess File Located in WordPress

The .htaccess file is stored in the root directory of a WordPress installation. The period (dot) at the beginning of the filename indicates the file is hidden.

If you are using cPanel, click the Settings button in the upper-right corner, then select Show hidden files, then click Save. You should be able to open the public_html folder of your WordPress installation and find .htaccess listed.


How to Create a Default WordPress .htaccess File

In some instances, WordPress may not create the default .htaccess file, or it may accidentally be deleted. Navigate to the public_html folder to view the list of files. Make sure you have configured your system to show hidden files, as noted above.

1. Create a new file using the + File button in the upper-left corner. Name the file “.htaccess.”

2. Open the file for editing by selecting Edit.


3. Enter the following text:

# BEGIN WordPress

RewriteEngine On

RewriteBase /

RewriteRule ^index\.php$ - [L]

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule . /index.php [L]

# END WordPress

4. Save the file and exit.

How to Edit the WordPress .htaccess File

Editing .htaccess in cPanel

  1. To make a copy of the file in the cPanel file manager, click .htaccess to highlight it. Then use the Download button in the top menu to save a copy to your local machine.
  2. Once you’ve made a copy, you can edit .htaccess. In cPanel, right-click the file, then click Edit. You may now make adjustments to the file.

Editing .htaccess File with FTP Client


You may also use an FTP client to log in and download a copy of .htaccess directly to your local machine.

Numerous free FTP clients are available, such as FileZilla. In the example below, we are using FileZilla:

  1. Log in to your server’s FTP hosting account.
  2. Navigate to the root of your WordPress installation to show hidden files:  Menu > Options > Select Server > Force showing hidden files
  3. Locate the root folder of your domain then download the .htaccess file.
  4. Now, you are ready to edit the .htaccess file.

Note: If you are working from a Linux command prompt, you can edit the file by entering sudo nano WordPress_root/.htaccess. Replace WordPress_root with the actual directory of your WordPress files.

WordPress .htaccess Configuration Options

Redirect Web Traffic

If you have changed a permalink on your website, you can use a 301 redirect to forward traffic to the new page. This allows users with bookmarks or hyperlinks to be routed to the live page.

Edit your .htaccess file and add the following line:

Redirect 301 /old_permalink.html

This can be done for each page you need to redirect.

Protect Sensitive WordPress Files

To prevent web access to the wp-config, error_logs, php.ini, and htaccess/htpasswds files, add the following:

<FilesMatch "^.*(error_log|wp-config\.php|php.ini|\.[hH][tT][aApP].*)$">

Order deny,allow

Deny from all

Force an SSL Connection

Enter the following to force an encrypted SSL connection:

SSLOptions +StrictRequire


SSLRequire %{HTTP_HOST} eq ""

ErrorDocument 403


WordPress is a powerful CMS with many advanced options. Now you know how to find, edit, and create the default WordPress .htaccess file. Make sure you always create a backup before editing it.

Knowing how to edit .htaccess file will help you to resolve one of the common WordPress error “Uploaded file exceeds the upload_max_filesize directive in php.ini“.

One of the most common WordPress errors that can show up after editing .htaccess is 500 Internal Server Error. Find out How To Fix The 500 Internal Server Error In WordPress.

Was this article helpful?
Sofija Simic
Sofija Simic is an experienced Technical Writer. Alongside her educational background in teaching and writing, she has had a lifelong passion for information technology. She is committed to unscrambling confusing IT concepts and streamlining intricate software installations.
Next you should read
How to Fix "Your PHP installation appears to be missing the MySQL extension which is required by WordPress"
January 20, 2020

The "Your PHP installation appears to be missing the MySQL extension" error can occur in WordPress when ...
Read more
21 Server Security Tips to Secure Your Server
January 11, 2023

Hackers are always on the lookout for server vulnerabilities. Minimize risks and be confident your data is ...
Read more
How to Enable & Set Up .htaccess File on Apache
April 9, 2019

The .htaccess file in Apache is a tool that allows configurations at the directory and subdirectory levels.
Read more
How to Install phpMyAdmin on CentOS 7
October 22, 2018

This guide is for users who have already configured a CentOS server and installed the Apache HTTP services...
Read more