Support » Fixing WordPress » Is support .htaccess mandatory to run WordPress?

  • vra01

    (@vra01)


    Hello,

    In terms of security, is support for .htaccess files mandatory to run WordPress?

    In other words, can I run WordPress safely without enabling .htaccess file interpretation in Apache?

    Thank you,

Viewing 4 replies - 1 through 4 (of 4 total)
  • jaynarayan

    (@jaykpatel)

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Moved to Fixing WordPress, this is not an Installing WordPress topic.

    In terms of security, is support for .htaccess files mandatory to run WordPress?

    No, it is not and never has been.

    Many WordPress installations run nginx and that has never supported .htaccess. On an Apache 2 server it is used for fancy permalinks and that has zero to do with security.

    Thanks @jdembowski

    Just thought I would add this info. By default these Apache modules below are loaded/enabled in the httpd.conf (configuration) file. Also all web hosts keep these default modules loaded/enabled in order to offer their customer’s htaccess file capability/usage. If you have an NGINX server and try to use htaccess files/code the htaccess code is ignored and not processed. These default Apache modules below are used to process htaccess security code.

    Apache 2.4.x default loaded modules > https://gist.github.com/karsinkk/ba2853d770c54f5d066d
    Both mod_access_compat and mod_authz_core are loaded by default.

    Apache 2.2.x default loaded modules > https://gist.github.com/TheSunMan/4008088
    Both mod_access_compat and mod_authz_core are loaded by default.

    Apache 2.0.x default loaded modules
    Only the mod_access_compat module was loaded by default since the newer mod_authz_core had not been created yet.

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.