How To Locate, Create and Edit the Default WordPress .htaccess File?

Modifying the core functionality of your wordpress website, improving security, doing redirects, or any major configuration, there’s one common step: Locating, creating, and/or editing the .htaccess file. 

Locate the .htaccess file of your wordpress site from your hosting control panel. Navigate to the root folder of the file manager, and you’ll see a file named “.htaccess”. Enable the  “view hidden files” option if you don’t see it. Right click on the file to edit it with a text editor.

Since this single file dictates the functionality of your entire website, it’s easy to mess things up if something goes wrong. Let’s talk about the precautions to take and how you can locate and edit the .htaccess file with different methods.

What is the .htaccess file anyway?

The .htaccess file is a configuration file that can control a website’s behavior on a per-directory basis. This configuration file acts as the control room of your wordpress website. It gives you the ability to modify every functionality of your site.

With it, you can manage your site’s behavior, and security protocols, set up redirects, and optimize site performance without touching its core code. 

Now, for a general website, you don’t really need a .htaccess file. However, when you’re talking about CMS and the dynamic functionality that WordPress comes with, you sure have it on your root folder. You just have to locate it to edit the functionality. 

Precaution While Working With The Default WordPress .htaccess File

The .htaccess file isn’t a thing you should be playing with, since it determines how your website functions. So, before you bring changes or modify the file, here are a few precautionary steps to take:

Take a backup of the original file

Before you make any changes to the .htaccess file, make sure to create a backup copy of the original file. This will allow you to easily restore the original file if something goes wrong down the line.

Use the correct syntax while editing 

The .htaccess file is very sensitive to syntax errors, so make sure that you use the correct syntax for any changes you make. Even a small typo can cause the file to become invalid, which can lead to errors on your website.

Don’t delete codes You Don’t Understand

The default WordPress .htaccess file contains important code necessary for your website to function properly. Don’t delete any of this code unless you’re sure that you know what you’re doing.

Always test your Changes

If you make changes to the .htaccess file, test your website thoroughly to make sure that everything is still working properly. Test all the different pages and functions of your site to ensure that nothing has been broken.

Keep security in mind

Remember, the .htaccess file can be used to enhance your website’s security, but it can also compromise it if done wrong. Make sure that you don’t accidentally open up security holes by making changes to the file.

Consult with an expert if you’re unsure

If you’re not sure how to make changes to the .htaccess file or if you’re concerned about the potential impact of your changes, it’s best to consult with an expert, such as a WordPress developer or your hosting provider’s support team.

Keep a Log of Changes to Your .htaccess File

This is a pro tip: keeping a log and having a backup will save your day in case anything goes wrong with your website. In case you need to revert an action, you can check back to the log. You can use a version control system like Git to make this easier. 

How To Find/Locate The Default WordPress .htaccess File

So, now you know the security drill before getting your hands dirty. Let’s dive deep and see how you’re going to locate .htaccess, take a backup, and edit it if necessary:

How to locate Default WordPress .htaccess file with cPanel:

There are two methods of locating it. One is using a cPanel, and the other is with an FTP client software program. Here are both the ways below:

Step 1: Log in to your website’s dashboard

Log in to your cPanel account. You can usually access it by visiting your website URL followed by “/cpanel” or by accessing it through your hosting provider’s control panel. Ask them if you’re unsure about it. 

Step 2: Navigate to the root folder

In the cPanel dashboard, scroll down to the “Files” section, and click on “File Manager”. The File Manager will open up. Click the “public_html” folder and select the root directory of your WordPress installation.

Step 3: Locate the .htaccess file (Show hidden files)

Look for the .htaccess file in the root directory. If you can’t find it, make sure that you have enabled the option to show hidden files and folders. In the top right corner of the File Manager, click on the “Settings” button and check the box next to “Show Hidden Files (dot files)”.

How to locate .htaccess file with FTP client

FTP clients are just software that helps transfer files between the local and remote server. You can use FTP software like FileZilla, Cyberduck, or WinSCP to locate the file. Here are the steps:

Step 1: First, download and install an FTP client software like FileZilla, Cyberduck, or any other you like.

Step 2: Configure your web server settings by entering the host, port, login type, username, and password. You’ll get these from your web server’s control panel.

Step 3: Open your FTP client and navigate to the root directory of your WordPress installation. This is usually the “public_html” folder or a folder with the name of your website.

Step 4: Look for the .htaccess file in the directory. If you can’t see it, make sure that you have enabled the option to show hidden files and folders in your FTP client. 

Creating a Default WordPress .htaccess File: A Step-by-Step Guide

The .htaccess file may not always be present in your list, and you may need to create one. You can generate the default .htaccess file. Here are two ways to do it:

Method 1: Creating The .htaccess File

The best way to have your default .htaccess file is by creating it right within the root directory. Here are the steps to do it:

Step 1: Navigate to the root directory following the method described above. 

Step 2: Click on the “+File” Button to add/create a new file within the root folder. 

Step 3: Write .htaccess as the file name and press enter to see a text editing field. 

Step 4: In the text field, copy and paste the code below, save the file, and you’ll have your default .htaccess file.

Here’s how the code will look like:

  1. # BEGIN WordPress
  2. <IfModule mod_rewrite.c>
  3. RewriteEngine On
  4. RewriteBase /
  5. RewriteRule ^index\.php$ – [L]
  6. RewriteCond %{REQUEST_FILENAME} !-f
  7. RewriteCond %{REQUEST_FILENAME} !-d
  8. RewriteRule . /index.php [L
  9. </IfModule>
  10. # END WordPress

Method 2: Generating The .htaccess File

Step 1: Ask your hosting provider and get all the details about your domain and hosting.

Step 2: Use an online .htaccess generator tool like htaccessredirect or others. 

Step 3: Input all your data and click generate. It will generate the .htaccess file for you. 

Once you have the .htaccess file created, all you have to do is, upload it to your root directory. 

How to Upload .htaccess file to the root directory

If you’ve gone with the generating method, you’ll have the .htaccess file in your local computer. You can use either an FTP client or your web host’s file manager (Like cPanel). Here’s how you’ll upload it to the root folder of your website:

Method 1: Upload Using FTP server

Step 1: If you’re using an FTP client, navigate to the root directory of your WordPress installation (usually the “public_html”). 

Step 2: Drag the .htaccess file from your local computer and drop it to the root directory in your FTP client. Alternatively, you can right-click on the file and select “Upload” or “Copy to” to transfer the file to the server.

Method 2: Using Hosting File Manager

Step 1: Log in to your cPanel of your wordpress website and access the root folder. You should find it in the “public_html” directory.

Step 2: Hit the “Upload” button in the top menu bar and select the .htaccess file from your local computer. 

After the upload is complete using either methods, you should see it in the directory you selected.

How To Edit The Default WordPress .Htaccess File

Editing the default WordPress .Htaccess file becomes necessary in some cases like altering functionality or doing redirects. Here’s how you do it:

Editing the .htaccess file on WordPress

If you want to just reset the .htaccess file, log in to your WordPress dashboard and navigate to Settings > Permalinks.

Scroll down to the “Permalink Settings” section and click on the “Save Changes” button. This will regenerate the .htaccess file with the default WordPress rewrite rules.

Editing the .htaccess File For Customizations

If you need to make custom changes to the .htaccess file, you have 3 options: 

  1. Using an FTP client
  2. Using the built-in file editor in your hosting control panel 
  3. Using a plugin such as “WP File Manager”.

Whichever you’re using, open the .htaccess file in a plain text editor, such as Notepad. Make the necessary changes to the file, being careful not to modify any necessary existing rules. 

For example, you may need to add custom rewrite rules to redirect certain URLs or block access to specific files or directories.

Once you have made your changes, save the file or upload it back to your server if you’re using an FTP client or the file manager provided by your web host.

Verify that your website is functioning properly and that your changes have been implemented correctly.

How To Take Backup Of .htaccess File?

You must take a backup of your main .htaccess file before you modify or edit it. Here’s how you do it: 

Step 1: Once you’ve located the .htaccess file, right-click on it and select “Copy” from the context menu. 

Step 2: Select a destination folder where you want to save the backup file. Click on the “Copy File(s)” button to create a copy of the .htaccess file. 

Step 3: You can rename the backup file to something like “htaccess_backup_date” to make it easy to identify and keep track of. 

Step 4: Once the backup file has been created, you can download it to your local computer or leave it in the directory for safekeeping.

Common .htaccess Code Snippets

People edit the .htaccess file for various reasons, each having different code snippets. Here are 10 common code snippets you can use today:

1. Redirect all traffic to HTTPS:

RewriteEngine on
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

# Note: It’s also recommended to enable HTTP Strict Transport Security (HSTS)
# on your HTTPS website to help prevent man-in-the-middle attacks.
# See
<IfModule mod_headers.c>
    # Remove “includeSubDomains” if you don’t want to enforce HSTS on all subdomains
    Header always set Strict-Transport-Security “max-age=31536000;includeSubDomains”

2. Redirect a Single Page:

Redirect 301 /oldpage.html
Redirect 301 /oldpage2.html

3. Redirect an Entire Site

Redirect 301 /

4. Exclude URL from Redirection

RewriteEngine On
RewriteRule ^robots.txt – [L]

5. Block access to the wp-config.php file:

<Files wp-config.php>
Order allow,deny
Deny from all

6. Protecting Your Site From Hotlinking

RewriteEngine on

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)? [NC]

RewriteRule \.(jpg|jpeg|png|gif)$ – [NC,F,L]

7. Custom Error Pages

ErrorDocument 500 “Houston, we have a problem.”
ErrorDocument 401
ErrorDocument 404 /errors/halflife3.html

8. Auto UTF-8 Encode

# Use UTF-8 encoding for anything served text/plain or text/html
AddDefaultCharset utf-8

# Force UTF-8 for a number of file formats
AddCharset utf-8 .atom .css .js .json .rss .vtt .xml

9. Block spammers and bots

# Blocks spammers and bots
<Limit GET POST>
Order Allow,Deny
Deny from
Deny from yy.yy.yy.yyy
Allow from all

10. Send visitors to a maintenance page

# Redirects to maintenance page
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !^123\.456\.789\.000
RewriteCond %{REQUEST_URI} !/maintenance.html$ [NC]
RewriteCond %{REQUEST_URI} !\.(jpe?g?|png|gif) [NC]
RewriteRule .* /maintenance.html [R=503,L]

Best Practices for Editing the Default WordPress .htaccess File

Follow these best editing practices of editing the .htaccess file if you want to stay safe with your site: 

Understand The Impact of Incorrect .htaccess Codes

Incorrect .htaccess codes can break your website, make it inaccessible, or negatively impact your website’s search engine ranking. So, whatever you do, don’t edit the .htaccess code, if you don’t know what you are dealing with. 

Know The .htaccess File Structure

You need to familiarize yourself with the .htaccess file structure. The structure includes header comments, code blocks targeting specific aspects like redirects. Make changes accordingly.

Testing The .htaccess File After Changes

Test your modified .htaccess file to ensure it works as intended. Check website functionality, accessibility, and load times. For the best testing, you can use Google Search Console, SEMrush, Serpstat, etc., in terms of SEO.

Removing Unnecessary Codes

The code snippets you’re using in your .htaccess file puts weight and impacts the functionality of your site. So, have just as few codes as possible in the file and have only the necessary ones. 

Take Backup

Always back up the original file before making any changes. This will allow you to revert to the original file in case something goes wrong.

Use a Good Text Editor

Use a text editor that is suitable for editing .htaccess files, such as Notepad++ or Sublime Text. Avoid using word processors like Microsoft Word or Google Docs, as they may add formatting or hidden characters that can cause issues.

Keep Codes Clean

Keep the .htaccess file clean and organized by removing any unused rules. This will improve your site’s performance and reduce the risk of errors. 

Use Proper Syntaxes 

Use proper syntax and formatting when adding new code. Incorrect syntax can cause errors or prevent the file from functioning properly.

Document Your Changes

Use comments to document any changes you make to the .htaccess file. This will make it easier for you and other developers to understand the purpose of each rule or configuration.


Working with your .htaccess file can be a fun job if you know what you’re doing. It helps you go the extra mile to ensure your site is highly functional and secure. 

Keep in mind that you should not make changes unless you’re 100% sure of it. 

Make sure to include any necessary security configurations, such as preventing hotlinking or blocking malicious requests, to help protect your site from attacks.

Leave a Comment