10 Most Useful .htaccess Tricks


The .htaccess file is a server configuration file. It allows you to define rules for your server to follow for your website. Before editing your .htaccess file, it is important to download a copy of it to your computer as a backup, so you can restore it if anything goes wrong.

1. Protect Your Admin Area

You can use .htaccess to protect your admin area by limiting the access to selected IP addresses only. Simply copy and paste this code into your .htaccess file:

Don’t forget to replace xx values with your own IP address. If you use more than one IP address to access the internet, then make sure you add them as well.

2. Password Protect Admin Folder

If you access your site from multiple locations including public internet spots, then limiting access to specific IP addresses may not work for you.

You can use the .htaccess file to add password protection to your admin area as an additional layer.

First, you need to generate a .htpasswds file. You can easily create one by using this online generator.

Upload this .htpasswds file outside your publicly accessible web directory or /public_html/ folder. A good path would be:


Next, create a .htaccess file, upload it to the /admin/ directory, and add the following code to it:

Important: Don’t forget to replace AuthUserFile path with the file path of your .htpasswds file and add your own username.
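The two admin-area protections from items 1 and 2, written out for Apache 2.4 as an added example; this is not the page's original snippet. The IP addresses are documentation-range placeholders, and the AuthUserFile path, realm name and username are assumptions to replace with your own.

```apache
# /admin/.htaccess  (Apache 2.4; the server must permit AllowOverride AuthConfig)
# Constructed sample values: 192.0.2.10 and 198.51.100.0/24 are documentation
# addresses, /home/user/.htpasswds/admin/passwd is a placeholder path.

# The password file can be created locally with Apache's own tool, so the
# password never has to be typed into a third-party website:
#   htpasswd -c -B /home/user/.htpasswds/admin/passwd yourusername

# Basic auth sends the password base64-encoded with every request,
# so serve /admin/ over HTTPS only.
AuthType Basic
AuthName "Admin area"
AuthUserFile /home/user/.htpasswds/admin/passwd

# Item 1 on its own (IP allow-list, no password prompt):
#   Require ip 192.0.2.10 198.51.100.0/24
# Item 2 on its own (password from any address):
#   Require user yourusername

# Combined: listed addresses pass straight through, every other
# address must log in.
<RequireAny>
    Require ip 192.0.2.10 198.51.100.0/24
    Require user yourusername
</RequireAny>

# Strictest variant: change <RequireAny> to <RequireAll> to demand
# a listed address AND a valid login.
```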


3. Disable PHP Execution in Some Directories

Sometimes hackers break into a site and install a backdoor. These backdoor files are often disguised as core files and are placed in /includes/ or /content/uploads/ folders.

An easy way to improve your site security is to disable PHP execution in some directories.

You will need to create a blank .htaccess file on your computer and then paste the following code inside it.

Save the file and then upload it to your /content/uploads/ and /includes/ directories.
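One way to write the rule for item 3 on Apache 2.4, as an added example rather than the page's original snippet. It refuses web requests for PHP files instead of switching the interpreter off, and the list of extensions is an assumption about what the server maps to PHP.

```apache
# /content/uploads/.htaccess and /includes/.htaccess  (Apache 2.4)

# Refuse every web request for a file the server could hand to PHP.
# (?i) makes the match case-insensitive, so .PHP and .Php are covered.
# The trailing (\.|$) also catches names such as file.php.jpg, which
# AddHandler-style setups still treat as PHP.
<FilesMatch "(?i)\.(php[0-9]?|phtml|phar|pht)(\.|$)">
    Require all denied
</FilesMatch>

# Scripts elsewhere on the site can still include() files from /includes/:
# include and require read from disk and never pass through this rule.
```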


4. Protect Your Website Configuration config.php File

Probably the most important file in your website’s root directory is the config.php file. It contains information about your database and how to connect to it.

To protect your config.php file from unauthorized access, simply add this code to your .htaccess file:


5. Setting up 301 Redirects Through .htaccess File

Using 301 redirects is the most SEO-friendly way to tell your users that content has moved to a new location. If you want to properly manage your 301 redirects on a post-by-post basis, then check out our guide on how to set up redirects in your website.

On the other hand, if you want to quickly set up redirects, then all you need to do is paste this code in your .htaccess file.


6. Ban Suspicious IP Addresses

Are you seeing unusually high requests to your website from a specific IP address? You can easily block those requests by blocking the IP address in your .htaccess file.

Add the following code to your .htaccess file:

Don’t forget to replace xx with the IP address you want to block.
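The block rule for item 6 in Apache 2.4 syntax, next to the older 2.2 form, as an added example that is not the page's original snippet. The addresses are documentation-range placeholders.

```apache
# Site-root .htaccess  (Apache 2.4)
# Constructed sample values: 203.0.113.45 and 203.0.113.0/24.

# A negated Require cannot grant access by itself, so it has to sit
# inside <RequireAll> next to a rule that does.
<RequireAll>
    Require all granted
    Require not ip 203.0.113.45
    Require not ip 203.0.113.0/24
</RequireAll>

# Apache 2.2 form of the same rule (on 2.4 it only works through
# mod_access_compat, and should not be mixed with Require):
#   Order Allow,Deny
#   Allow from all
#   Deny from 203.0.113.45

# Behind a CDN or reverse proxy the server sees the proxy's address, not
# the visitor's. Block at the proxy, or have the server administrator set up
# mod_remoteip so that Require ip is evaluated against the real client.
```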


7. Disable Image Hotlinking in Website Using .htaccess

Other websites directly hotlinking images from your site can make your website slow and exceed your bandwidth limit. This isn’t a big issue for most smaller websites. However, if you run a popular website or a website with lots of photos, then this could become a serious concern.

You can prevent image hotlinking by adding this code to your .htaccess file:
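A mod_rewrite rule set for item 7, as an added example that is not the page's original snippet. example.com stands in for your own domain, and the list of image extensions is an assumption.

```apache
# Site-root .htaccess  (requires mod_rewrite)
RewriteEngine On

# Let requests without a Referer through: direct visits, and browsers or
# privacy tools that strip the header.
RewriteCond %{HTTP_REFERER} !^$

# Let your own pages through. The trailing (/|$) anchors the host name so
# that a look-alike host such as example.com.other.tld does not match.
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com(/|$) [NC]

# Any other referring site gets 403 Forbidden for image files.
RewriteRule \.(jpe?g|png|gif|webp)$ - [F,NC,L]
```

The Referer header is set by the client, so this saves bandwidth but is not an access control for private images.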


8. Protect .htaccess From Unauthorized Access

As you have seen, there are many things that can be done using the .htaccess file. Due to the power and control it has over your web server, it is important to protect it from unauthorized access by hackers. Simply add the following code to your .htaccess file:


9. Increase File Upload Size in Website

There are different ways to increase the file upload size limit on your website. However, for users on shared hosting some of these methods do not work.

One of the methods that has worked for many users is adding the following code to their .htaccess file:

This code simply tells your web server to use these values to increase the file upload size as well as the maximum execution time on your website.


10. Disable Access to XML-RPC File Using .htaccess

Each WordPress install comes with a file called xmlrpc.php. This file allows third-party apps to connect to your WordPress site. Most WordPress security experts advise that if you are not using any third-party apps, then you should disable this feature.

There are multiple ways to do that. One of them is to add the following code to your .htaccess file:
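Items 4, 8 and 10 all deny web access to a named file, so one Apache 2.4 block covers the three; this is an added example, not the page's original snippets. The commented-out address is a documentation-range placeholder.

```apache
# Site-root .htaccess  (Apache 2.4)
# <Files> and <FilesMatch> rules set here also apply in subdirectories.

# Item 4: config.php holds the database credentials. PHP reads it from
# disk, so no browser ever needs to request it.
<Files "config.php">
    Require all denied
</Files>

# Item 8: .htaccess itself, plus .htpasswd, .htpasswds and any other
# file whose name starts with .ht
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>

# Item 10: the WordPress XML-RPC endpoint.
<Files "xmlrpc.php">
    Require all denied
    # To keep one trusted client working, replace the line above with:
    #   Require ip 192.0.2.10
</Files>
```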


We hope this article helped you learn the most useful .htaccess tricks for your website. You may also want to see our ultimate step-by-step website security guide for users.


Prakash S

I would like to introduce myself as a software professional opting for a career in the software industry. I'm Prakash S, an MCA graduate trained in industry-level practice for software technology. Basically I am a PHP developer, but nowadays I am exploring more in HTML5, CSS, AngularJS and jQuery libraries.