The .htaccess is a distributed configuration file, and is how Apache handles configuration changes on a per-directory basis.<\/p>\n\n\n\n
WordPress uses this file to manipulate how Apache serves files from its root directory, and subdirectories thereof. Most notably, WP modifies this file to be able to handle pretty permalinks.<\/p>\n\n\n\n
This page may be used to restore a corrupted .htaccess file (e.g. a misbehaving plugin).<\/p>\n\n\n\n
# BEGIN WordPress\n\nRewriteEngine On\nRewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]\nRewriteBase \/\nRewriteRule ^index\\.php$ - [L]\nRewriteCond %{REQUEST_FILENAME} !-f\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule . \/index.php [L]\n\n# END WordPress\n<\/pre>\n\n\n\nMultisite<\/h2>\n\n\n\nWordPress 3.5 and up<\/h3>\n\n\n\n
If you activated Multisite on WordPress 3.5 or later, use one of these.<\/p>\n\n\n\n
Subfolder Example<\/strong><\/p>\n\n\n\n# BEGIN WordPress Multisite\n# Using subfolder network type: https:\/\/wordpress.org\/support\/article\/htaccess\/#multisite\n\nRewriteEngine On\nRewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]\nRewriteBase \/\nRewriteRule ^index\\.php$ - [L]\n\n# add a trailing slash to \/wp-admin\nRewriteRule ^([_0-9a-zA-Z-]+\/)?wp-admin$ $1wp-admin\/ [R=301,L]\n\nRewriteCond %{REQUEST_FILENAME} -f [OR]\nRewriteCond %{REQUEST_FILENAME} -d\nRewriteRule ^ - [L]\nRewriteRule ^([_0-9a-zA-Z-]+\/)?(wp-(content|admin|includes).*) $2 [L]\nRewriteRule ^([_0-9a-zA-Z-]+\/)?(.*\\.php)$ $2 [L]\nRewriteRule . index.php [L]\n\n# END WordPress Multisite\n<\/pre>\n\n\n\nSubDomain Example<\/strong><\/p>\n\n\n\n# BEGIN WordPress Multisite\n# Using subdomain network type: https:\/\/wordpress.org\/support\/article\/htaccess\/#multisite\n\nRewriteEngine On\nRewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]\nRewriteBase \/\nRewriteRule ^index\\.php$ - [L]\n\n# add a trailing slash to \/wp-admin\nRewriteRule ^wp-admin$ wp-admin\/ [R=301,L]\n\nRewriteCond %{REQUEST_FILENAME} -f [OR]\nRewriteCond %{REQUEST_FILENAME} -d\nRewriteRule ^ - [L]\nRewriteRule ^(wp-(content|admin|includes).*) $1 [L]\nRewriteRule ^(.*\\.php)$ $1 [L]\nRewriteRule . index.php [L]\n\n# END WordPress Multisite<\/pre>\n\n\n\nWordPress 3.4 and below<\/h3>\n\n\n\n
If you originally installed WordPress with 3.4 or older and activated Multisite then, you need to use one of these:<\/p>\n\n\n\n
SubFolder Example<\/strong><\/p>\n\n\n\nWordPress 3.0 through 3.4.2<\/p>\n\n\n\n
# BEGIN WordPress Multisite\n# Using subfolder network type: https:\/\/wordpress.org\/support\/article\/htaccess\/#multisite\n\nRewriteEngine On\nRewriteBase \/\nRewriteRule ^index\\.php$ - [L]\n\n# uploaded files\nRewriteRule ^([_0-9a-zA-Z-]+\/)?files\/(.+) wp-includes\/ms-files.php?file=$2 [L]\n\n# add a trailing slash to \/wp-admin\nRewriteRule ^([_0-9a-zA-Z-]+\/)?wp-admin$ $1wp-admin\/ [R=301,L]\n\nRewriteCond %{REQUEST_FILENAME} -f [OR]\nRewriteCond %{REQUEST_FILENAME} -d\nRewriteRule ^ - [L]\nRewriteRule ^[_0-9a-zA-Z-]+\/(wp-(content|admin|includes).*) $1 [L]\nRewriteRule ^[_0-9a-zA-Z-]+\/(.*\\.php)$ $1 [L]\nRewriteRule . index.php [L]\n\n# END WordPress Multisite\n<\/pre>\n\n\n\nSubDomain Example<\/strong><\/p>\n\n\n\n# BEGIN WordPress Multisite\n# Using subdomain network type: https:\/\/wordpress.org\/support\/article\/htaccess\/#multisite\n\nRewriteEngine On\nRewriteBase \/\nRewriteRule ^index\\.php$ - [L]\n\n# uploaded files\nRewriteRule ^files\/(.+) wp-includes\/ms-files.php?file=$1 [L]\n\nRewriteCond %{REQUEST_FILENAME} -f [OR]\nRewriteCond %{REQUEST_FILENAME} -d\nRewriteRule ^ - [L]\nRewriteRule . index.php [L]\n\n# END WordPress Multisite\n<\/pre>\n\n\n\n General Examples<\/h2>\n\n\n\n Options<\/h3>\n\n\n\n
Any options preceded by a +<\/strong> are added to the options currently in force, and any options preceded by a –<\/strong> are removed from the options currently in force.<\/p>\n\n\n\nPossible values for the Options directive<\/a> are any combination of:<\/p>\n\n\n\n None <\/strong><\/p>\n\n\n\n All options are turned off.<\/p>\n\n\n\n
All <\/strong><\/p>\n\n\n\n All options except for MultiViews. This is the default setting.<\/p>\n\n\n\n
ExecCGI <\/strong><\/p>\n\n\n\n Execution of CGI scripts using mod_cgi is permitted.<\/p>\n\n\n\n
FollowSymLinks <\/strong><\/p>\n\n\n\n The server will follow symbolic links in this directory.<\/p>\n\n\n\n
Includes <\/strong><\/p>\n\n\n\n Server-side includes provided by mod_include are permitted.<\/p>\n\n\n\n
IncludesNOEXEC <\/strong><\/p>\n\n\n\n Server-side includes are permitted, but the #exec cmd and #exec cgi are disabled.<\/p>\n\n\n\n
Indexes <\/strong><\/p>\n\n\n\n URL maps to a directory, and no DirectoryIndex, a formatted listing of the directory.<\/p>\n\n\n\n
MultiViews <\/strong><\/p>\n\n\n\n Content negotiated “MultiViews” are allowed using mod_negotiation.<\/p>\n\n\n\n
SymLinksIfOwnerMatch <\/strong><\/p>\n\n\n\n Only follow symbolic links where target is owned by the same user id as the link.<\/p>\n\n\n\n
This will disable all options, and then only enable FollowSymLinks, which is necessary for mod_rewrite.<\/p>\n\n\n\n
Options None\nOptions FollowSymLinks\n<\/pre>\n\n\n\n DirectoryIndex<\/h3>\n\n\n\n
DirectoryIndex<\/a> sets the file that Apache will serve if a directory is requested.<\/p>\n\n\n\nSeveral URLs may be given, in which case the server will return the first one that it finds.<\/p>\n\n\n\n
DirectoryIndex index.php index.html \/index.php\n<\/pre>\n\n\n\n DefaultLanguage<\/h3>\n\n\n\n
DefaultLanguage<\/a> will cause all files that do not already have a specific language tag associated with it will use this.<\/p>\n\n\n\nDefaultLanguage en\n<\/pre>\n\n\n\n Default Charset<\/h3>\n\n\n\n
Set the default character encoding sent in the HTTP header. See: Setting charset information in .htaccess<\/a><\/p>\n\n\n\nAddDefaultCharset UTF-8\n<\/pre>\n\n\n\nSet Charset for Specific Files<\/strong><\/p>\n\n\n\nAddType 'text\/html; charset=UTF-8' .html\n<\/pre>\n\n\n\nSet for specific files<\/strong><\/p>\n\n\n\nAddCharset UTF-8 .html\n\n<\/pre>\n\n\n\n ServerSignature<\/h3>\n\n\n\n
The ServerSignature<\/a> directive allows the configuration of a trailing footer line under server-generated documents. Optionally add a line containing the server version and virtual host name to server-generated pages (internal error documents, FTP directory listings, mod_status and mod_info output etc., but not CGI generated documents or custom error documents).<\/p>\n\n\n\n On <\/strong><\/p>\n\n\n\n adds a line with the server version number and ServerName of the serving virtual host<\/p>\n\n\n\n
Off <\/strong><\/p>\n\n\n\n suppresses the footer line<\/p>\n\n\n\n
Email <\/strong><\/p>\n\n\n\n creates a “mailto:” reference to the ServerAdmin of the referenced document<\/p>\n\n\n\n
SetEnv SERVER_ADMIN admin@site.com\nServerSignature Email\n<\/pre>\n\n\n\n Force Files to be Downloaded<\/h3>\n\n\n\n
The below will cause any requests for files ending in the specified extensions to not be displayed in the browser but instead force a “Save As” dialog so the client can download.<\/p>\n\n\n\n
AddType application\/octet-stream .avi .mpg .mov .pdf .xls .mp4\n<\/pre>\n\n\n\n HTTP Compression<\/h3>\n\n\n\n
The AddOutputFilter directive maps the filename extension extension to the filters which will process responses from the server before they are sent to the client. This is in addition to any filters defined elsewhere, including SetOutputFilter and AddOutputFilterByType. This mapping is merged over any already in force, overriding any mappings that already exist for the same extension.<\/p>\n\n\n\n
See also: https:\/\/developers.google.com\/speed\/docs\/insights\/EnableCompression<\/p>\n\n\n\n
AddOutputFilterByType DEFLATE text\/html text\/plain text\/xml application\/xml application\/xhtml+xml text\/javascript text\/css application\/x-javascript\nBrowserMatch ^Mozilla\/4 gzip-only-text\/html\nBrowserMatch ^Mozilla\/4\\.0[678] no-gzip\nBrowserMatch \\bMSIE !no-gzip !gzip-only-text\/html\n<\/pre>\n\n\n\nForce Compression for certain files<\/strong><\/p>\n\n\n\nSetOutputFilter DEFLATE\n\n<\/pre>\n\n\n\n Send Custom HTTP Headers<\/h3>\n\n\n\n
The Header directive lets you send HTTP headers for every request, or just specific files. You can view a sites HTTP Headers using Firebug<\/a>, Chrome Dev Tools, Wireshark<\/a> or an online tool<\/a>.<\/p>\n\n\n\nHeader set X-Pingback \"http:\/\/www.askapache.com\/xmlrpc.php\"\nHeader set Content-Language \"en-US\"\n<\/pre>\n\n\n\n Unset HTTP Headers<\/h3>\n\n\n\n
This will unset HTTP headers, using always<\/strong> will try extra hard to remove them.<\/p>\n\n\n\nHeader unset Pragma\nHeader always unset WP-Super-Cache\nHeader always unset X-Pingback\n<\/pre>\n\n\n\n Password Protect Login<\/h3>\n\n\n\n
This is very useful for protecting the wp-login.php<\/code> file. You can use this htpasswd generator<\/a>.<\/p>\n\n\n\nBasic Authentication<\/strong><\/p>\n\n\n\nAuthType Basic\nAuthName \"Password Protected\"\nAuthUserFile \/full\/path\/to\/.htpasswd\nRequire valid-user\nSatisfy All\n\n<\/pre>\n\n\n\nDigest Authentication<\/strong><\/p>\n\n\n\nAuthType Digest\nAuthName \"Password Protected\"\nAuthDigestDomain \/wp-login.php https:\/\/www.askapache.com\/wp-login.php\nAuthUserFile \/full\/path\/to\/.htpasswd\nRequire valid-user\nSatisfy All\n\n<\/pre>\n\n\n\n Require Specific IP<\/h3>\n\n\n\n
This is a way to only allow certain IP addresses to be allowed access.<\/p>\n\n\n\n
ErrorDocument 401 default\nErrorDocument 403 default\n\n\nOrder deny,allow\nDeny from all\nAllow from 198.101.159.98 localhost\n\n<\/pre>\n\n\n\n Protect Sensitive Files<\/h3>\n\n\n\n
This denies all web access to your wp-config file, error_logs, php.ini, and htaccess\/htpasswds.<\/p>\n\n\n\n
Order deny,allow\nDeny from all\n\n<\/pre>\n\n\n\n Require SSL<\/h3>\n\n\n\n
This will force SSL, and require the exact hostname or else it will redirect to the SSL version. Useful in a \/wp-admin\/.htaccess<\/code> file.<\/p>\n\n\n\nSSLOptions +StrictRequire\nSSLRequireSSL\nSSLRequire %{HTTP_HOST} eq \"www.wordpress.com\"\nErrorDocument 403 https:\/\/www.wordpress.com\n<\/pre>\n\n\n\n External Resources<\/h2>\n\n\n\n- Official Apache HTTP Server Tutorial: .htaccess files<\/a><\/li>
- Official Htaccess Directive Quick Reference<\/a><\/li>
- Htaccess Tutorial<\/a><\/li>
- Google PageSpeed for Developers<\/a><\/li>
- Stupid Htaccess Tricks<\/a><\/li>
- Advanced Mod_Rewrite<\/a><\/li><\/ul>\n\n\n\n
See also<\/h2>\n\n\n\n- htaccess for subdirectories<\/a><\/li>
- Using Permalinks<\/a><\/li>
- Changing File Permissions<\/a><\/li>
- UNIX Shell Skills<\/a><\/li>
- Rewrite API<\/a><\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"
The .htaccess is a distributed configuration file, and is how Apache handles configuration changes on a per-directory basis. WordPress uses this file to manipulate how Apache serves files from its root directory, and subdirectories thereof. Most notably, WP modifies this file to be able to handle pretty permalinks. This page may be used to restore […]<\/p>\n","protected":false},"author":8933097,"featured_media":0,"menu_order":0,"comment_status":"open","ping_status":"closed","template":"","category":[591439,591452],"class_list":["post-10840141","helphub_article","type-helphub_article","status-publish","hentry","category-advanced-topics","category-troubleshooting"],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/support\/wp-json\/wp\/v2\/articles\/10840141","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/support\/wp-json\/wp\/v2\/articles"}],"about":[{"href":"https:\/\/wordpress.org\/support\/wp-json\/wp\/v2\/types\/helphub_article"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/support\/wp-json\/wp\/v2\/users\/8933097"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/support\/wp-json\/wp\/v2\/comments?post=10840141"}],"version-history":[{"count":6,"href":"https:\/\/wordpress.org\/support\/wp-json\/wp\/v2\/articles\/10840141\/revisions"}],"predecessor-version":[{"id":14577527,"href":"https:\/\/wordpress.org\/support\/wp-json\/wp\/v2\/articles\/10840141\/revisions\/14577527"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/support\/wp-json\/wp\/v2\/media?parent=10840141"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.org\/support\/wp-json\/wp\/v2\/category?post=10840141"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}