
.htaccess Tricks for WordPress

In this article we will talk about Apache settings using the .htaccess file. You can read what an .htaccess file is and what it is for on my website in the article "What is .htaccess?". Next, we will look at how to use .htaccess to close access to the admin panel, protect the admin panel with an additional password, disable directory browsing, disable the execution of PHP scripts in some directories, protect the wp-config.php file, configure redirects, block suspicious IP addresses, and increase the maximum size of WordPress file uploads. If you're interested, read on.


And the first thing we will do is to close access to the admin panel.

Close access to the admin panel using .htaccess

In order to close access to the WordPress admin panel and leave access only for dedicated IPs, just paste the following code into your .htaccess:

    order deny,allow
    deny from all
    allow from <your IP address>

Where <your IP address> is changed to your own.

HTTP-authorization in the WordPress admin panel

We can additionally protect the admin panel with a password using .htaccess. To do this, we need to generate a .htpasswd file. Then upload this file to the server and add the following code to .htaccess:

AuthType Basic
AuthName "Input username and password"
AuthUserFile <the path to the file .htpasswd>
Require valid-user

You can read more about this in the article "HTTP Basic Authentication or HTTP Authorization".

Disable directory browsing

In order to disable viewing of files in the directory, you need to add the following line to .htaccess:

Options -Indexes

Disabling the execution of PHP scripts in some directories

In order to disable the execution of PHP scripts in a directory, create an .htaccess file in it and place the following code in this file:

<Files *.php>
    deny from all
</Files>

Securing the wp-config.php file

To protect the wp-config.php file from unauthorized access, add the following code to .htaccess:

<files wp-config.php>
    order allow,deny
    deny from all
</files>

Set up 301 redirects

Sometimes it is necessary to move content to another URL, for example when our site has moved to HTTPS. In order to correctly and quickly make a 301 redirect, you need to add the following code to .htaccess:

Redirect 301 /<old address>/ <new address>

Prohibition of suspicious IP addresses

In order to deny access from some IP addresses, you need to add the following code to .htaccess:

<Limit GET POST>
    order allow,deny
    deny from <IP address>
    allow from all
</Limit>

Where <IP address> is changed to the IP address that we want to block.
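
The access rules in the sections above (admin panel, HTTP authorization, PHP execution, wp-config.php and IP blocking) use the Apache 2.2 order/deny/allow directives, which Apache 2.4 accepts only through mod_access_compat. The following is an added example, not part of the original article, showing the same restrictions in Apache 2.4 Require syntax. Assumptions: the IP addresses are documentation-range placeholders, the .htpasswd path is a placeholder, wp-content/uploads is taken as the directory where PHP is disabled, and the admin-ajax.php exception assumes front-end plugins on the site call it.

```apache
# --- wp-admin/.htaccess: allow-listed IP AND a valid password ---
AuthType Basic
AuthName "Input username and password"
# Placeholder path; keep the .htpasswd file outside the web root.
AuthUserFile /path/to/.htpasswd
<RequireAll>
    # 203.0.113.10 is a documentation-range placeholder for your own IP.
    Require ip 203.0.113.10
    Require valid-user
</RequireAll>
# Assumption: front-end plugins call admin-ajax.php, so it stays reachable.
<Files "admin-ajax.php">
    Require all granted
</Files>

# --- wp-content/uploads/.htaccess (assumed directory): no PHP from uploads ---
# Extend the pattern if the server maps other extensions to PHP.
<FilesMatch "\.php$">
    Require all denied
</FilesMatch>

# --- .htaccess in the site root ---
<Files "wp-config.php">
    Require all denied
</Files>
# Block one address for every HTTP method. There is no <Limit GET POST>
# wrapper here, because <Limit> leaves all other methods unrestricted.
# 198.51.100.23 is a documentation-range placeholder.
<RequireAll>
    Require all granted
    Require not ip 198.51.100.23
</RequireAll>
```

The authentication and Require directives only take effect in .htaccess when the server's AllowOverride setting includes AuthConfig (or is All).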

Increase the maximum file upload size

In order to allow uploading files larger than the configured limit, you need to add the following code to .htaccess:

php_value upload_max_filesize 64M
php_value post_max_size 64M
php_value max_execution_time 300
php_value max_input_time 300

But for users with shared hosting, some methods may not work.


We've covered a few useful ways to configure Apache using .htaccess. These methods can be used not only for sites managed by WordPress, but also for sites managed by other CMSs.