.htaccess file what is that? and how to protect it.

.htaccess or “hypertext access”. The “.” is always at the beginning of the filename and shout not be deleted. This file is mostly seen at the root directory of your website.

In cPanel, you can access this folder via the File Manager icon

It manages quite a lot in your WordPress installation. Here are some that it manages:

  • Redirection and rewriting of the URLs
  • The front end appearance of the actual website itself
  • URL and IP blocking
  • directory listing caching and
    server authorization

An .htccess is an Apache server configuration file that comes default with most servers now. This is not all true to all servers, only the server that is running in Apache.

This is an essential file for most WordPress installs. One of the common issues that we face from using WordPress is when we activate some plugins like caching plugins or security plugins something happens to our website. It stops loading correctly or it loads funky pages or we don’t know why the page is not changing. Most of the time it’s because of this pesky .htaccess file and most caching plugins, redirecting plugins, rewriting plugins and security slash IP block locking plugins utilizes that HT access to gain to make them work. They actually modify and rewrite the .htaccess file in order for them to actually work and this can cause a lot of issues with the appearance of WordPress as we’re not aware. We can spend hours trying to figure out why something is redirecting to something else when in fact the only issue is that the .htaccess file has been modified.

Always create a .htaccess backup before modifying the file before, installing any caching plugins redirecting plugins, rewriting plugins or security plugins. It is essential to always have a backup of your original .htaccess file. In case you don’t have a backup of your original htaccess file it looks like this

#BEGIN WordPress

RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

#END WordPress

It is a very simple couple lines of code. It just tells the server how to run WordPress and what to load and what not to load.

Secure it.

Your .htaccess file is one of the most important files and it needs to be protected. Use the code snippet below to secure this file. Paste this code above the line # BEGIN WordPress and save.

#Protect .htaccess
< files ~ “^.*.([Hh][Tt][Aa])”>
order allow,deny
deny from all
satisfy all
< /files>

This code denies access to all files beginning with Hh Tt Aa including your .htaccess file