- \n
- Creating an .htaccess<\/em> File<\/a><\/li>\n
- Where to Add Your Changes<\/a><\/li>\n
- Editing Your .htaccess<\/em> File<\/a><\/li>\n<\/ul>\n<\/li>\n
- .htaccess Security Tips<\/a>\n
- \n
- Protecting Important Files<\/a><\/li>\n
- Restrict Access to the Admin<\/a><\/li>\n
- Prevent Directory Browsing<\/a><\/li>\n
- Restrict Access to PHP Files<\/a><\/li>\n
- Restrict PHP File Execution<\/a><\/li>\n
- Protect Your Site Against Script Injections<\/a><\/li>\n
- Securing the\u00a0wp-includes<\/i> Directory<\/a><\/li>\n
- Prevent Username Enumeration<\/a><\/li>\n
- Require SSL<\/a><\/li>\n
- Prevent Image Hot Linking<\/a><\/li>\n<\/ol>\n<\/li>\n<\/ul>\n
What’s .htaccess<\/em>\u00a0Got to Do with It?<\/h2>\n
The .htaccess<\/em>\u00a0file is located in the root of your site (or Multisite network). The period in front of the file name means it’s a hidden file and you won’t be able to see it when browsing your files unless you show all\u00a0hidden\u00a0files on your computer.<\/p>\n
In WordPress, the file is used\u00a0for facilitating pretty permalinks and\u00a0is automatically\u00a0created when this\u00a0option is enabled. There’s a lot more you can do with .htaccess<\/em>, though, such as adding 301 redirects<\/a> or including rules to block unauthorized visitors.<\/p>\n
If you’re already well-versed in the .htaccess<\/em>\u00a0file and you’re ready to make some changes, go ahead and skip down to see the list, (don’t forget to backup your site first!<\/a>)<\/p>\n
I Pity the Fool Who Doesn’t Backup<\/h2>\n
The .htaccess<\/em>\u00a0file can be a finicky one to work with because a single syntax error could break your entire site. That being said, if you’re prepared, this kind of worse case scenario doesn’t have to spell a death sentence for your site. In fact, far from it.<\/p>\n
Backing up your site before you make any changes can act as a fail safe so you can quickly restore your files\u00a0and be on your way as if nothing ever happened. Well, close enough to that, anyway.<\/p>\n
The absolute least you should do is download a copy of your .htaccess<\/em>\u00a0file on your computer so you can replace it if a mistake is made.\u00a0You can download a copy of your .htaccess<\/em>\u00a0file in cPanel by going to Files > File Manager<\/strong> after logging in. If you’re prompted with a pop-up, select the Show Hidden Files<\/strong> checkbox, then click Go.<\/p>\n
Alternatively, you can click Settings<\/strong> on the top right of the File Manager<\/strong> and click the Show Hidden Files<\/strong> checkbox, then click the Save<\/strong> button.<\/p>\n
\n![\"The](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2016\/05\/cpanel-show-hidden-files.png\")
The .htaccess<\/em> file is hidden by default.<\/figcaption><\/figure>\n<\/div>\n You should be able to go to the\u00a0root of your site now and find the .htaccess<\/em>\u00a0file. Click on it once on the list, then click the Download<\/strong> button in the navigation. Save it to your computer. If you need to restore it, you can click the Upload<\/strong> button on the top of the page.<\/p>\n
Select the Overwrite existing files<\/strong> checkbox, then click the Select File<\/strong> button to search for and open the backup of your .htaccess<\/em> file.<\/p>\n
\n![\"The](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2016\/05\/cpanel-upload-overwrite-file.png\")
You can overwrite existing files in cPanel to restore the .htaccess<\/em> file.<\/figcaption><\/figure>\n<\/div>\n Once you have opened the file, it should upload and you can click the Go Back<\/strong> link at the bottom of the page to return to your File Manager<\/strong>. Once that’s done, it means your .htaccess<\/em> file has been \u00a0restored.<\/p>\n
Note: If you are hosting with WPMU DEV<\/a>, you can perform the same operation as above by accessing the File Manager<\/a> feature inside your Hub.<\/p>\n
For details on how to create a full backup of your site, check out some of our other posts below:<\/p>\n
- \n
- How to Backup Your WordPress Website (and Multisite) Using Snapshot<\/a><\/li>\n
- 4 Top WordPress Multisite Backup Solutions Tested and Reviewed<\/a><\/li>\n
- 11 Best Free Quality Backup Plugins for Protecting Your WordPress Site<\/a><\/li>\n<\/ul>\n
Going Through Changes<\/h2>\n
Creating an .htaccess<\/em> File<\/h3>\n
Depending on your install, you may not have an .htaccess<\/em> file so before you can think about editing\u00a0it, you may need to create one. You can either use your favorite text editor to create one or do it\u00a0directly in cPanel.<\/p>\n
Create and upload a new file and name it .htaccess<\/em>, or click the File<\/strong> button at the top left of the File Manager<\/strong> in cPanel to create a blank file named .htaccess<\/em>.<\/p>\n
If your server doesn’t allow you to do this, create a file called htaccess.txt<\/em> instead, then rename the file to .htaccess<\/em> once it’s uploaded to your site.<\/p>\n
Since all WordPress installs have pretty permalinks set by default since version 4.2, it’s best to side on the err of caution and include the code that’s default for .htaccess<\/em> files in the newer versions of WordPress instead of creating a blank file.<\/p>\n
Here’s the default code you should include for single installs of WordPress:<\/p>\n
- 4 Top WordPress Multisite Backup Solutions Tested and Reviewed<\/a><\/li>\n
- Restrict Access to the Admin<\/a><\/li>\n
- Where to Add Your Changes<\/a><\/li>\n