{"id":49884,"date":"2025-07-15T08:05:09","date_gmt":"2025-07-15T07:05:09","guid":{"rendered":"https:\/\/wp-space.de\/?p=49884"},"modified":"2025-09-10T15:00:05","modified_gmt":"2025-09-10T14:00:05","slug":"htaccess-wordpress","status":"publish","type":"post","link":"https:\/\/wp-space.de\/en\/htaccess-wordpress\/","title":{"rendered":"Create and edit .htaccess in WordPress"},"content":{"rendered":"<p>You can use the .htaccess file to specifically improve the behavior of your WordPress website - without a plugin. Among other things, you can use it to regulate <a href=\"https:\/\/wp-space.de\/en\/create-301-redirect-using-htaccess\/\">301 redirects<\/a>increase the <a href=\"https:\/\/wp-space.de\/en\/wordpress-security\/\">Security <\/a>and <a href=\"https:\/\/wp-space.de\/en\/optimize-wordpress-pagespeed\/\">optimize your WordPress pagespeed. <\/a><\/p>\n\n\n\n<p>In short: you make your website more efficient, more secure and more user-friendly. In this article, you will learn how to create and edit a .htaccess file in WordPress and which settings are particularly useful.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is an htaccess file in WordPress?<\/h2>\n\n\n\n<p>The .htaccess file (Hypertext Access) is a configuration file that is used on Apache web servers - including many WordPress websites. It controls server-side settings, <strong>before WordPress is even loaded<\/strong>.<\/p>\n\n\n\n<p>In WordPress, the .htaccess file is typically used for<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/wp-space.de\/en\/change-wordpress-permalink\/\">Change permalinks<\/a><\/strong> (adapt URL structure): So that yourpage.com\/?p=123 becomes e.g. yourpage.com\/my-post-title<\/li>\n\n\n\n<li><strong>Forwarding<\/strong>: Redirect visitors from your domain to another domain<\/li>\n\n\n\n<li><strong>Safety rules<\/strong>Define HTTP security headers and protect sensitive areas or block IP addresses<\/li>\n\n\n\n<li><strong>Performance optimization<\/strong>Activate caching or compress content for faster loading times<\/li>\n<\/ul>\n\n\n\n<p>The .htaccess file is a powerful tool for <strong>Functions, security and performance<\/strong> of your WordPress site without changing the CMS itself.<\/p>\n\n\n\n<p><strong>\ud83d\udca1Important note:<\/strong> In addition, the .htaccess can also be responsible for ensuring that the design and functionality of your website are displayed correctly. If there are incorrect entries in your .htaccess, this can break your website.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Where can I find the file?<\/h2>\n\n\n\n<p>You can find the .htaccess file in the <strong>Root directory of your WordPress installation<\/strong>where files such as wp-config.php, wp-login.php and the wp-content, wp-admin and wp-includes folders are located.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"400\" src=\"https:\/\/wp-space.de\/wp-content\/uploads\/2025\/07\/htaccessstammverzeichnis-1024x400.png\" alt=\".htaccess file in WordPress root directory\" class=\"wp-image-49889\" srcset=\"https:\/\/wp-space.de\/wp-content\/uploads\/2025\/07\/htaccessstammverzeichnis-1024x400.png 1024w, https:\/\/wp-space.de\/wp-content\/uploads\/2025\/07\/htaccessstammverzeichnis-300x117.png 300w, https:\/\/wp-space.de\/wp-content\/uploads\/2025\/07\/htaccessstammverzeichnis-768x300.png 768w, https:\/\/wp-space.de\/wp-content\/uploads\/2025\/07\/htaccessstammverzeichnis-18x7.png 18w, https:\/\/wp-space.de\/wp-content\/uploads\/2025\/07\/htaccessstammverzeichnis.png 1272w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">How to find them:<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">1. via an FTP program (e.g. <a href=\"https:\/\/filezilla-project.org\/\" target=\"_blank\" rel=\"noopener\">FileZilla<\/a>)<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Connect to your web server.<\/li>\n\n\n\n<li>Change to the main directory of your website.<\/li>\n\n\n\n<li>Attention: .htaccess is a <strong>hidden file<\/strong>. Activate the display of hidden files in your FTP program (in <a href=\"https:\/\/filezilla-project.org\/\" target=\"_blank\" rel=\"noopener\">FileZilla<\/a> under <em>Server \u2192 Force listing of hidden files<\/em>).<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">2. via the file manager of your hosting provider<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Log in to the customer area of your <a href=\"https:\/\/wp-space.de\/en\/managed-wordpress-hosting\/\">Hosters<\/a> to.<\/li>\n\n\n\n<li>Go to the file manager<\/li>\n\n\n\n<li>Navigate to the root directory of your <a href=\"https:\/\/wp-space.de\/en\/what-is-wordpress\/\">WordPress<\/a>.<\/li>\n\n\n\n<li>Make sure that hidden files are also displayed here.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">3. the file is not there?<\/h4>\n\n\n\n<p>In some cases, the .htaccess file is not yet available, such as with some new <a href=\"https:\/\/wp-space.de\/en\/install-wordpress-manually\/\">WordPress installations<\/a>. You can then <strong>Create manually<\/strong> (simply create a file called .htaccess and fill it as in the next section) or in WordPress under <strong>Settings \u2192 Permalinks<\/strong> save the structure. WordPress then creates the file automatically, provided the server has write permissions.<\/p>\n\n\n\n<p><strong>\ud83d\udca1Note:<\/strong> If you do not rely on an Apache server as with WPspace, but on a <a href=\"https:\/\/wp-space.de\/en\/\">WordPress hosting<\/a> with nginx caching, you do not have a .htaccess file by default. The commands it contains must be adapted to nginx caching, otherwise you will destroy your WordPress website.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How do you set up htaccess in WordPress?<\/h2>\n\n\n\n<p>Setting up the .htaccess file in WordPress is easy if you know what's important. Here you can find out step by step how to create and configure the file correctly.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1. check whether an .htaccess file already exists<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Open the root directory of your WordPress installation (via FTP or file manager).<\/li>\n\n\n\n<li>Make sure that hidden files are visible.<\/li>\n\n\n\n<li>If an .htaccess file exists, you can edit it. If not, create a new one (see next step).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2. Create .htaccess file (if not available)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Create a new .txt file with a program such as Notepad++ or Sublime and name it exactly .htaccess (without file extension).<\/li>\n\n\n\n<li>Upload them to the root directory of your WordPress installation.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3. insert standard code for WordPress<\/h3>\n\n\n\n<p>If you want to create a clean new .htaccess, you can simply insert the following code: <\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># BEGIN WordPress\n\nRewriteEngine On\nRewriteBase \/\nRewriteRule ^index\\.php$ - [L]\nRewriteCond %{REQUEST_FILENAME} !-f\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule . \/index.php [L]\n\n# END WordPress<\/code><\/pre>\n\n\n\n<p><strong>\ud83d\udca1 Tip:<\/strong> If you are under <strong>Settings \u2192 Permalinks<\/strong> structure, WordPress automatically creates these rules if the file is writable.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"773\" src=\"https:\/\/wp-space.de\/wp-content\/uploads\/2025\/07\/htaccess-durch-permalinks-erstellen-1024x773.png\" alt=\"Create .htaccess via save permalink in WordPress backend\" class=\"wp-image-49898\" srcset=\"https:\/\/wp-space.de\/wp-content\/uploads\/2025\/07\/htaccess-durch-permalinks-erstellen-1024x773.png 1024w, https:\/\/wp-space.de\/wp-content\/uploads\/2025\/07\/htaccess-durch-permalinks-erstellen-300x227.png 300w, https:\/\/wp-space.de\/wp-content\/uploads\/2025\/07\/htaccess-durch-permalinks-erstellen-768x580.png 768w, https:\/\/wp-space.de\/wp-content\/uploads\/2025\/07\/htaccess-durch-permalinks-erstellen-16x12.png 16w, https:\/\/wp-space.de\/wp-content\/uploads\/2025\/07\/htaccess-durch-permalinks-erstellen.png 1307w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">4. add your own rules (optional)<\/h3>\n\n\n\n<p>For example, if you want to define your own redirect rules via .htaccess, you can simply add the required lines of code to your .htaccess. You can insert additional lines of code before or after the WordPress block, e.g:<\/p>\n\n\n\n<p><strong>Forwarding:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Redirect 301 \/old-page https:\/\/deineseite.de\/neue-seite<\/code><\/pre>\n\n\n\n<p><strong>Access protection:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Order deny,allow\n\n  Deny from all<\/code><\/pre>\n\n\n\n<p><strong>Forwarding from with www. to without www.<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>RewriteEngine On\nRewriteCond %{HTTP_HOST} !^www\\.domain\\.de$ [NC]\nRewriteRule ^(.*)$ http:\/\/www.domain.de\/$1 [L,R=301]<\/code><\/pre>\n\n\n\n<p><strong>\ud83d\udca1 Note:<\/strong> If you set this rule via your .htaccess, this can lead to the error \"Too many redirects\". By default, you make this change directly in WordPress. This applies to both directions: from with www. to without www. and vice versa.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"778\" height=\"528\" src=\"https:\/\/wp-space.de\/wp-content\/uploads\/2025\/07\/www-anpassen.png\" alt=\"Customize www. for domain in WordPress without htaccess\" class=\"wp-image-49892\" srcset=\"https:\/\/wp-space.de\/wp-content\/uploads\/2025\/07\/www-anpassen.png 778w, https:\/\/wp-space.de\/wp-content\/uploads\/2025\/07\/www-anpassen-300x204.png 300w, https:\/\/wp-space.de\/wp-content\/uploads\/2025\/07\/www-anpassen-768x521.png 768w, https:\/\/wp-space.de\/wp-content\/uploads\/2025\/07\/www-anpassen-18x12.png 18w\" sizes=\"(max-width: 778px) 100vw, 778px\" \/><\/figure>\n\n\n\n<p><strong>Caching and compression:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ExpiresActive On\n\n  ExpiresByType image\/jpg \"access plus 1 year\"\n\n  ...<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">5. save and test the file<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Save changes and upload file (if edited locally).<\/li>\n\n\n\n<li>Open the WordPress website and check that everything works as expected.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">What is part of .htaccess?<\/h2>\n\n\n\n<p>The .htaccess file contains <strong>Rules and instructions<\/strong>with which you can directly influence the behavior of the web server (Apache) even before <a href=\"https:\/\/wp-space.de\/en\/learn-wordpress\/wordpress-basics\/\">WordPress<\/a> is loaded. It works like a kind of \"control center\" for certain server-side functions.<\/p>\n\n\n\n<p>Typical components of an .htaccess file are<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Standard code<\/h3>\n\n\n\n<p>This code should always be part of your .htaccess to ensure the functionality of your website:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># BEGIN WordPress\n\nRewriteEngine On\nRewriteBase \/\nRewriteRule ^index\\.php$ - [L]\nRewriteCond %{REQUEST_FILENAME} !-f\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule . \/index.php [L]\n\n# END WordPress<\/code><\/pre>\n\n\n\n<p>The following rules in the form of lines of code can be added to your .htaccess. It is best to always add them after \"# END WordPress\". <\/p>\n\n\n\n<h3 class=\"wp-block-heading\">URL rewrites (rewrite rules)<\/h3>\n\n\n\n<p>Important for permalinks in WordPress. Example:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>RewriteEngine On\n\nRewriteRule ^example$ \/index.php?page=example [L]<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Access restrictions<\/h3>\n\n\n\n<p>Protect certain files or directories from unauthorized access:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Order deny,allow\n\n  Deny from all<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Forwarding<\/h3>\n\n\n\n<p>Automatically redirect visitors from one URL to another:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Redirect 301 \/old-page https:\/\/deinewebsite.de\/neue-seite<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Caching and performance optimization<\/h3>\n\n\n\n<p>Ensure faster loading times through browser caching or compression:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ExpiresActive On\n\n  ExpiresByType image\/png \"access plus 1 year\"<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Safety rules<\/h3>\n\n\n\n<p>Prevent access to hidden files or secure sensitive areas, for example:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Order deny,allow\n\n  Deny from all<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">.htaccess example for WordPress with security rule<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># BEGIN WordPress\n\n\n\nRewriteEngine On\n\nRewriteBase \/\n\nRewriteRule ^index\\.php$ - [L]\n\nRewriteCond %{REQUEST_FILENAME} !-f\n\nRewriteCond %{REQUEST_FILENAME} !-d\n\nRewriteRule . \/index.php [L]\n\n\n\n# END WordPress\n\n# Security: Block access to wp-config.php\n\n\n\n  Order deny,allow\n\n  Deny from all<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">What does this example do?<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>WordPress part (above):<br><\/strong> Ensures that permalinks (e.g. domain.com\/example-page) are called up correctly.<\/li>\n\n\n\n<li><strong>Safety rule (below):<\/strong><strong><br><\/strong> Prevents direct access to the wp-config.php file, which contains sensitive data such as your database access data.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Frequently asked questions about the WordPress.htaccess file in WordPress<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Can I simply edit the .htaccess file?<\/h3>\n\n\n\n<p>Yes, but <strong>be careful<\/strong>. Even a small error can result in your website no longer being accessible. It is best to always make a backup copy of the existing file before you make any changes.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How do I restore the default content of the WordPress .htaccess?<\/h3>\n\n\n\n<p>Here is the standard code required for permalinks in a typical WordPress installation:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># BEGIN WordPress\n\nRewriteEngine On\nRewriteBase \/\nRewriteRule ^index\\.php$ - [L]\nRewriteCond %{REQUEST_FILENAME} !-f\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule . \/index.php [L]\n\n# END WordPress<\/code><\/pre>\n\n\n\n<p><strong>\ud83d\udca1 Note:<\/strong> If your WordPress website requires specific lines of code for a plugin, the plugin will automatically add the code back to the .htaccess.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Can I make my site more secure with the .htaccess file?<\/h3>\n\n\n\n<p>Yes, in any case. For example, you can block access to sensitive files, lock out IP addresses or protect directories. Such measures significantly increase security - especially against bots or simple attack attempts.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Do I need to have programming knowledge to use .htaccess?<\/h3>\n\n\n\n<p>Not necessarily. You can implement many common use cases with ready-made code snippets. Some basic technical understanding helps, but you don't need to be a professional - you just need to be careful.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Why .htaccess is important for SEO:<\/h3>\n\n\n\n<p>The .htaccess file is a <strong>technical SEO tool<\/strong>which helps to make your WordPress site search engine friendly and powerful. It is therefore worth considering them not only as a security or performance element, but also as part of <a href=\"https:\/\/blogtec.io\/de\/blog\/seo-trends-2025\/\" target=\"_blank\" rel=\"noopener\">Your SEO strategy<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What are HTTP Security Headers?<\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"516\" src=\"https:\/\/wp-space.de\/wp-content\/uploads\/2025\/07\/HTTP-Security-Header-1024x516.png\" alt=\"Define HTTP Security Header in .htaccess\" class=\"wp-image-49896\" srcset=\"https:\/\/wp-space.de\/wp-content\/uploads\/2025\/07\/HTTP-Security-Header-1024x516.png 1024w, https:\/\/wp-space.de\/wp-content\/uploads\/2025\/07\/HTTP-Security-Header-300x151.png 300w, https:\/\/wp-space.de\/wp-content\/uploads\/2025\/07\/HTTP-Security-Header-768x387.png 768w, https:\/\/wp-space.de\/wp-content\/uploads\/2025\/07\/HTTP-Security-Header-18x9.png 18w, https:\/\/wp-space.de\/wp-content\/uploads\/2025\/07\/HTTP-Security-Header.png 1120w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>The HTTP security headers are additional security rules that are inserted via your .htaccess file. There are different security headers that protect websites from different types of attacks. <\/p>\n\n\n\n<p>For example, you can use X-Frame-Options to protect your website from being integrated into other websites via iFrame. The most common security header is probably the \"Content-Security-Policy (CSP)\". You use this security rule to determine which content may be loaded. Caution: Make sure you have the correct exceptions so that all functions such as Google Maps, YouTube, newsletters or similar continue to work on your website<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion on the WordPress .htaccess file<\/h2>\n\n\n\n<p>The .htaccess file is a powerful tool with which you can specifically influence the behavior of your WordPress website at server level. <strong>even before WordPress itself becomes active<\/strong>. Whether for SEO-friendly URLs, better loading times, more security or targeted redirects: Just a few lines of code can make a noticeable difference. It is important to always proceed with caution and to carry out a thorough <a href=\"https:\/\/wp-space.de\/en\/create-wordpress-backup\/\">Create a backup of the file<\/a>. This allows you to use the full potential of .htaccess without taking any risks.<\/p>","protected":false},"excerpt":{"rendered":"<p>Mit der .htaccess-Datei kannst Du das Verhalten Deiner WordPress-Website gezielt verbessern \u2013 und das ohne ein Plugin. Du regelst damit unter anderem 301-Weiterleitungen, erh\u00f6hst die Sicherheit und optimierst deinen WordPress Pagespeed. Kurz gesagt: Du machst Deine Website effizienter, sicherer und benutzerfreundlicher. In diesem Beitrag erf\u00e4hrst Du, wie Du eine .htaccess-Datei in WordPress erstellst, bearbeitest und [&hellip;]<\/p>\n","protected":false},"author":19,"featured_media":49902,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[84,94,88],"tags":[],"class_list":["post-49884","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-wordpress-grundlagen","category-allgemein","category-wordpress-datenschutz-und-security"],"_links":{"self":[{"href":"https:\/\/wp-space.de\/en\/wp-json\/wp\/v2\/posts\/49884","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wp-space.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wp-space.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wp-space.de\/en\/wp-json\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"https:\/\/wp-space.de\/en\/wp-json\/wp\/v2\/comments?post=49884"}],"version-history":[{"count":14,"href":"https:\/\/wp-space.de\/en\/wp-json\/wp\/v2\/posts\/49884\/revisions"}],"predecessor-version":[{"id":51313,"href":"https:\/\/wp-space.de\/en\/wp-json\/wp\/v2\/posts\/49884\/revisions\/51313"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wp-space.de\/en\/wp-json\/wp\/v2\/media\/49902"}],"wp:attachment":[{"href":"https:\/\/wp-space.de\/en\/wp-json\/wp\/v2\/media?parent=49884"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wp-space.de\/en\/wp-json\/wp\/v2\/categories?post=49884"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wp-space.de\/en\/wp-json\/wp\/v2\/tags?post=49884"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}