WordPress and .htaccess Usage Basics - Plesk

WordPress and .htaccess Usage Basics

Everyone knows that WordPress is the most popular blogging platform. Yes, WordPress is broadly known as a content management system, but the origins of WordPress is in blogging and indeed WordPress is most efficient when deployed as a blogging platform. Either way, most modern web developers will have encountered WordPress in their daily development activities.

We’re going to use this tutorial to explain how one of WordPress’s most important components work. Read on to see why the .htaccess file is so important to WordPress functionality, and to learn more about configuring your own .htaccess file.

What exactly is a .htaccess file?

It’s simply one of those things you’ve never heard of and find completely obtuse, or a file that’s already totally familiar to you. Never heard of the .htaccess file? Well, there’s a reason for that. In almost all cases the .htaccess file will be hidden in your root directory – though sometimes you simply won’t have an .htaccess file at all.

Note that .htaccess is not something that is unique to WP at all, instead it relates to the Apache web server that drives countless websites, including websites based on WordPress. Essentially, .htaccess is a web server configuration file. Your Apache server will look for the .htaccess document whenever it starts your website, obeying the instructions in it – but only if it exists.

In essence, the .htaccess file helps to configure specific Apache settings that help the web server meet your specific application needs. This could include toggling on or toggling off server functions or for example to make a redirect where users who do not add “www” in front of a domain name gets redirected to www.yourdomain.com.

.htaccess is also a way to tighten up security as you can set privileges for some files while blocking bots and adding additional file handling capabilities via MIME types. Many of the settings in the .htaccess file are relevant for WordPress developers who can use it to help customise WordPress to their needs.

Creating a default .htaccess file for use in a WordPress instance

Every new WordPress installation will come with a .htaccess file as soon as you install it on Apache, but note that the .htaccess file will be hidden so you must select “show hidden files” or a similar option in your operating system. Note that occasionally a WordPress site won’t have a .htaccess file ( e.g. because of permission-related issues ).

Here we will explain you how to create .htaccess, the process is broadly similar for most file managers including those coming with Plesk or cPanel. Alternatively, you can use your computer to create the file and simply upload it using a file manager or using FTP.

You need to navigate to the root directory of your WP instance, it’s usually simply called public_html. Here, make a new text file and call it “.htaccess”. You can then open this file in a plain text editor of your choice. You’ll notice a few lines of text which basically specifies the default settings for your WordPress site. By  default, the WordPress .htaccess file will contain the following code:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

To make your own file simply copy the code above, paste it into the .htaccess file that you just created and save the file, closing your text editor. That’s it, you have just made a brand new .htaccess file. We suggest you visit your website to make sure that it is working because a .htaccess file which is not correctly specified will lead to errors, including the dreaded 500 internal error.

Fine-tuning your WordPress instance using the power of .htaccess

When we talk about WordPress performance – not everything depends on WordPress configuration itself, so certain aspects are directly related to web server configuration. Since .htaccess gives you some additional ways on how to control Apache on the level of the certain website – your may use it to fine-tune your WordPress site overall performance.

Browser Caching

Browser caching allows visitors to save items from your web pages. In this case they don’t need to download them again and again while visiting your website. Usually it helps to reduce bandwidth and reduce page loading time.

<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 year"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 3 days"

File Caching

Server-side file caching helps to serve multiple visitors within the same cache. As the result the load of the server is reduced and the speed of each page view increases.

Cache htm/html files for 1 week:

<FilesMatch ".(html|htm)$">
Header set Cache-Control "max-age=43200"

Cache plain text files, css and js files for 1 week:

<FilesMatch ".(js|css|pdf|txt)$">
Header set Cache-Control "max-age=604800"

Cache images for one month:

<FilesMatch ".(gif|jpg|jpeg|png)$">
Header set Cache-Control "max-age=2592000"


Disable caching for dynamic files:

<FilesMatch "\.(php|pl|cgi|spl|scgi|fcgi)$">
ExpiresActive Off

Gzip compression on Apache

By enabling gzip compression you can reduce the size of html, js and css files up to 70%:

<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*

Proper character set

To inform the browser about the necessity of certain character set usage for rendering the page it is required to specify the character set of the page.

AddDefaultCharset utf-8

Disable image hotlinking

Not always it is a good idea to let others using your images on their website with the help of direct link. Especially when your care abour server resources and bandwidth. The solution is simple:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ – [NC,F,L]

Disable Directory Browsing

Sometimes the careless hosters do not worry about possible directory browsing, however it may give a lot of useful information for those who plan to hack your website.
To fix this you may use the following:

Options -Indexes

Important files protection

It is possible to protect vital files including local php.ini ( if any ), wp-config.php and error logs:

<FilesMatch "^.*(error_log|wp-config\.php|php\.ini|\.[hH][tT][aApP].*)$">
Order deny,allow
Deny from all

WordPress .htaccess usage – Summing It Up

You must have a .htaccess for WordPress to work the way it should, while your .htaccess file can also give you more control over your server features and performance. In the same time errors inside .htaccess file may lead to inaccessibility of your website.

For website owners interested in exceptional performance, solid security and simple process of management WordPress Toolkit combined with Plesk can be the most optimal solution.

How useful was this post?

Click on a heart to rate it!

Average rating / 5. Vote count:

No votes so far! Be the first to rate this post.

Oh no, sorry about that!

Let us know how we can do better below


Elvis Plesky
Our fun and curious team mascot's always plugged into the latest trends. He's here to share his knowledge and help you solve your tech problems.

    Leave a Comment

    Start typing and press Enter to search