Title: Empty htaccess file
Last modified: August 4, 2021

---

# Empty htaccess file

 *  Resolved [applejack1923](https://wordpress.org/support/users/applejack1923/)
 * (@applejack1923)
 * [4 years, 9 months ago](https://wordpress.org/support/topic/empty-htaccess-file/)
 * This past week on 2 sites I have had an issue wehere all of a sudden the main
   htaccess file has been written as empty.
 * I am trying to work out whether it is possible that iTheme Security plugin could
   be the cause or if this would be impossible for it to do so.
 * Also if there is a way of manually triggerring iThemes Securty to write / update
   the htaccess file so I can test.
 * Thanks

Viewing 4 replies - 1 through 4 (of 4 total)

 *  [nlpro](https://wordpress.org/support/users/nlpro/)
 * (@nlpro)
 * [4 years, 9 months ago](https://wordpress.org/support/topic/empty-htaccess-file/#post-14735381)
 * Hi [@applejack1923](https://wordpress.org/support/users/applejack1923/)
 * – First you need to make sure the iTSec plugin is allowed to write to the .htaccess
   file (if it’s not then something else must be causing the empty .htaccess file).
 * Navigate to the Security > Settings menu option and then click on the **Configure**
   icon. This will take you to the **Global Settings** page. First setting is **
   Write to Files** and it’s usually enabled (by default).
 * – Then you need to check whether the iTSec plugin is currently configured to 
   write anything to the .htaccess file.
 * Navigate to the Security > Settings menu option and then click on the **Tools**
   icon/link at the bottom of the page. Then click on the **Server Config Rules**
   entry. If **no** plugin setting is enabled, which is effectuated by writing rules
   to the .htaccess file, you’ll see the following message:
 * > There are no rules that need to be written.
 * Otherwise you’ll get to see the rules written by the iTSec plugin to the .htaccess
   file.
 * Typical settings that get effectuated by writing rules to the .htaccess file 
   are eg: all **System Tweaks** settings. So enabling/disabling any of those settings
   will trigger the iTSec plugin to (re)write to the .htaccess file.
 * The info above should help you rule out the iTSec plugin as the culprit.
 * +++++ To prevent any confusion, I’m not iThemes +++++
 *  Thread Starter [applejack1923](https://wordpress.org/support/users/applejack1923/)
 * (@applejack1923)
 * [4 years, 9 months ago](https://wordpress.org/support/topic/empty-htaccess-file/#post-14737314)
 * Hi
 * Thanks for the reply.
 * If I switch off iThemes capability to write to htaccess and wp-config after it
   has done so initially then what implications does this have for security i.e.
   are banned IP’s stored in the database instead etc ?
 * I did look at the documentation but couldn’t find any mention of this.
 *  [nlpro](https://wordpress.org/support/users/nlpro/)
 * (@nlpro)
 * [4 years, 9 months ago](https://wordpress.org/support/topic/empty-htaccess-file/#post-14737712)
 * Yes, banned IP’s are stored in the database. Where a request from a banned IP
   would normally be forbidden earlier, at the web server layer, without the plugin
   writing the ban rules to the .htaccess it’s now WordPress (the application layer)
   preventing access to banned IP’s.
 * Ideally you want banning to happen on the web server layer, but when the ban 
   rules are missing in the .htaccess the banned IPs stored in the database are 
   used to ban IPs in WordPress. The iTSec plugin includes PHP code to handle this.
 *  Thread Starter [applejack1923](https://wordpress.org/support/users/applejack1923/)
 * (@applejack1923)
 * [4 years, 9 months ago](https://wordpress.org/support/topic/empty-htaccess-file/#post-14737720)
 * Hi
 * That’s what I thought, thanks for confirming.
    -  This reply was modified 4 years, 9 months ago by [applejack1923](https://wordpress.org/support/users/applejack1923/).

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Empty htaccess file’ is closed to new replies.

 * ![](https://ps.w.org/better-wp-security/assets/icon.svg?rev=2980272)
 * [Solid Security – Password, Two Factor Authentication, and Brute Force Protection](https://wordpress.org/plugins/better-wp-security/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/better-wp-security/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/better-wp-security/)
 * [Active Topics](https://wordpress.org/support/plugin/better-wp-security/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/better-wp-security/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/better-wp-security/reviews/)

 * 4 replies
 * 2 participants
 * Last reply from: [applejack1923](https://wordpress.org/support/users/applejack1923/)
 * Last activity: [4 years, 9 months ago](https://wordpress.org/support/topic/empty-htaccess-file/#post-14737720)
 * Status: resolved